The U.S. Federal Bureau of Investigation (FBI) recently held a panel called “Feds Fighting Ransomware: How the FBI Investigates and How You Can Help” at the RSA Conference 2020. It was revealed how much cybersecurity victims had to pay in ransom over the last six years.
During the panel, FBI agent Joel DeCapua highlighted just how lucrative the ransomware business can be. According to DeCapua, criminals have raked in over a staggering US$144 million [AU$219 million] in Bitcoin between October 1, 2013, and November 7, 2019.
What is interesting is that the said amount is what was paid by the victims exclusively in Bitcoin and not other cryptocurrencies. The FBI did acknowledge that the “vast majority of ransomware proceeds are paid in Bitcoin.”
Big money involved in ransomware hacks
The true cost of the ransomware attacks is actually much higher than the $144 million cited, which is just the total of the many ransoms.
A report recently stated that the 948 attacks on educational establishments, government agencies, and healthcare providers in the United States during 2019 had a potential cost of over $7.5 billion.
The FBI panel listed the three main strains of ransomware in terms of money extorted:
- Ryuk, which raked in $61.26 million in just over a year
- Crysis/Dharma, with $24.48 million earned in almost three years
- Bitpaymer, with $8.04 million over two years
Pervasive ransomware variants being developed
According to DeCapua, there are several reasons that such attacks are so successful. One is that organizations can now buy insurance to pay off a Bitcoin ransom, which he says leads to more ransoms being paid.
Another reason for the success of ransomware is that an extensive economy has been built up around it.
DeCapua further reported that the developers of the malicious software are making new variants and are operating ransomware-as-a-service operations wherein they gain affiliates who use the ransomware to earn a percentage of any money extorted.
Ransomware attacks abound
The number of ransomware attacks that have occurred over the last several years is astounding.
Major cities like Baltimore, New Orleans, and Atlanta have been hit with such attacks, costing the cities millions to get their systems up and running. Smaller cities like Pensacola, Lodi City, Lake City, and Riviera Beach have been targeted as well.
The Mexican state-run oil company, Pemex, was attacked last year. Portions of its computer systems were crippled as the hackers demanded a ransom of 565 bitcoins, worth $5 million at the time.
Schools and universities have been hit as well. The University of Maastricht chose to pay the ransom of $220,000 after being attacked. A Michigan school district had to extend their winter holiday an extra week as ransomware infected the district’s servers over the Christmas break. The school district closed its three schools to manually fix the problem after deciding not to pay the $10,000 bitcoin ransom.