Cyber-crime has become a well-organized, global endeavor powered by networks of people with malicious intent. The attackers get their hands on data, encrypt it and then demand a ransom before releasing the data back to the owner. This type of incident is called a ransomware attack. In recent years, ransomware has plagued schools, hospitals, and even municipalities.
Could you guess how much money cyber-criminals really made with prominent ransomware in the last six years? The FBI recently reported that ransomware operators have made up to $144.35 million between January 2013 and July 2019. At the top of this list are the following ransomware families:
- Ryuk ransomware generated $61 million in revenue for its operators between February 2018 and October 2019.
- Dharma ransomware made $24 million between November 2016 and November 2019.
- BitPaymer earned around $8 million between October 2017 and September 2019.
- SamSam allegedly made $6.5 million for its authors by attacking healthcare institutions between 2016 and 2018.
As you can see, cyber-criminals never sleep, and ransomware is still one of the tactics attackers favor to bypass security controls and gain access to sensitive data, which is then used to force a company to pay a ransom and/or offered for sale on the darknet.
Ransomware incidents have reached a new level of frequency and we expect the number to continue to increase. Affected companies are often willing to pay whatever sum is demanded so they can regain control and get back to business. This ongoing trend is also reflected in our recent Cyber Threat Bulletin, February / March edition.
A ransomware attack forced a U.S. maritime base (a military base where warships and naval ships are docked) offline for more than 30 hours. The ransomware disrupted cameras, door-access control systems and critical monitoring systems at the site. Once an employee clicked a malicious link embedded in an email, the ransomware was deployed, enabling the attackers to access mission-critical information and encrypt it, which cut off the facility's access to critical files. The malware further burrowed into the industrial control systems that monitor and control cargo transfer and encrypted files critical to process operations.