Bitcoin ransomware attacks up 365% – here’s why victims are paying up


Ransomware attacks have almost quadrupled this year and are now targeting cities, hospitals, and schools. For many victims, there is a good reason to pay up.

A new report from Malwarebytes Labs found a shocking increase in the number of ransomware attacks on businesses, which is up 365% over the past year.

It said ransomware was now “dominating” the cybercrime landscape.

The good news is that consumers only reported a 12% increase over the same period, although they still report a slightly higher number of ransomware infections than businesses.

Companies are more lucrative

One of the world’s top ransomware fighters, Fabian Wosar, CTO of Emsisoft, told Micky that many organisations have insurance, are highly motivated, and can afford to pay large ransoms to decrypt their essential files.

“Ransomware for home users has been going down rapidly since the end of 2017, while ransomware for companies has gone up dramatically especially in last year and a half,” he said.

“The ransomware amounts have gotten crazy, a few years ago ransoms in six and seven figures were unthinkable but now they’re pretty much the norm.”

Average ransom now $36k

A recent report from Coveware found that the average ransom had increased 184% to $36,295 from Q1 to Q2 this year, with ransoms paid in Bitcoin accounting for 99% of all payments.

Most payments are sent to exchanges and then swapped for privacy coins.

Somewhat ironically, the Malwarebytes report found that hackers target cities, schools, and hospitals with ransomware attacks because these organisations often have limited budgets to upgrade IT infrastructure and software, leaving them exposed to attack.

The average number of days a ransomware attack lasts is 9.6 days

“The last year has exposed how unprepared many organizations are for cyberattacks,” the report said.

“Cybercriminals are searching for higher returns on their investment, and they can reap serious benefits from ransoming organizations over individuals, who might yield, at best, a few personal files that could be used for extortion or identity theft.”

Spear phishing

Hackers usually get the malware into their targets’ systems either by breaking into remote desktops using dictionary attacks, or by using spear phishing to fool employees into opening malware sent as an email attachment, which then downloads additional malware.

Ryuk and Phobos are the top ransomware families attacking businesses, increasing by 88% and 940% over Q1 2019, respectively. Rapid rose 319% over Q2 2018.

More than half of all ransomware detections occurred in the United States with the remainder (35%) spread primarily through Europe, the Middle East, and Africa. The Asia Pacific was relatively untouched with just 7%.

92% of data in ransomware attacks was recovered

Should you pay up or not?

Micky reported recently about Lodi City in California, which refused to pay the ransom and had outages that lasted over two months.

Its decision not to pay was in stark contrast to Lake City and Riviera City in Florida, which both paid hackers around half a million dollars in June, and Jackson County, Georgia, which paid $400,000 to recover access in March.

Experts often advise clients not to pay the ransom because it encourages further attacks and because there’s no guarantee the criminals will decrypt your files.

However, this last assertion isn’t borne out by Coveware’s statistics. They found that there is a 96% chance that if you pay up, you’ll get access to your files again.

96% chance of data recovery if you pay up in a ransomware attack

The Ryuk and Sodinokibi variants take criminal customer service to the next level with a 100% decryption rate, usually within 2 hours.

However, while Sodinokibi recovered close to 100% of victims’ data, Ryuk only managed 87% due to a flawed encryption process.

Wosar said he wouldn’t encourage people to pay the ransom unless there was no option.

“It depends on your circumstances. If you’re going to lose some pics of your dog, it may be sad but not ruin your life and maybe you shouldn’t pay because you probably shared pics with family and friends and can get some back.

“On the other hand, if you’re a large company and lots of livelihoods depend on (the company) you may be inclined to pay, especially if cyber insurance covers it.”

Don’t pay until you’ve tried available decryption tools

However, you shouldn’t pay a cent until you’ve uploaded samples of the encrypted files to free services including ID Ransomware and No More Ransom.

If they have already cracked the ransomware family, you will be able to download a decryption solution and unlock your system at no cost.