FBI says ransomware victims paid over $140 million to attackers
Federal Bureau of Investigation (FBI) was one of the
attendees at the RSA 2020 conference which covers security and is attended by
big companies like IBM and AT&T. This year, the conference lacked involvement
from major tech giants due to the Coronavirus outbreak but FBI and others
attended the event to talk about customer security.
At the event, FBI released an interesting stat which claims
that ransomware victims have paid over $140 million to the attackers in the
last 6 years. The agency arrived at the number by analyzing bitcoin wallets and
ransom notes.
FBI Special Agent Joel DeCapua presented his findings in two
sessions explaining how he analyzed bitcoin wallets to arrive at the number.
According to DeCapua, between October 2013 and November 2019, approximately
$144,350,000 was paid in bitcoins to ransomware attackers. The most profitable
ransomware was Ryuk which brought $61.26m.
Ryuk was then followed by Crysis/Dharma at $24.48m and
Bitpaymer at $8.04m. FBI noted that the ransom amounts could be higher as they
don’t have the full data available. Most companies try and hide these details
to prevent negative press and hurt their stock prices. DeCapua also revealed
that Windows Remote Desktop Protocol (RDP) is the most common method used by
attackers to gain access to the victim’s PC.
RDP accounts for 70-80% of all network breaches which is why
he recommended organizations use Network Level Authentication (NLA) for
additional protection. DeCapua also suggested organizations to use complex
passwords on their RDP accounts. He also recommended organizations to monitor
updates and install updates for both apps and OS as soon as possible.
It is very common for researchers to publish
Proof-of-concept after a vulnerability is fixes so any bad actor can use it to
attack a system that hasn’t been updated. Lastly, he stretched on the
importance of identifying phishing websites and making sure they have data
backups to prevent falling victim to a ransomware attack.
Comments
Post a Comment