Ransomware Attacks Demanding Crypto Are Unfortunately Here to Stay
Year after year, the ransomware landscape changes dramatically. In 2019, a new resurgence of attacks occurred as businesses and government institutions became the main targets of ransomware, given their capacity to yield larger payouts.
The most recent attack was against Garmin, a navigation systems company, on July 23. Due to the attack, many of its online services such as customer support, website functions and company communications were affected. Reportedly, the Russian cybergang Evil Corp launched the attack, demanding $10 million in cryptocurrency to restore access to Garmin’s services.
Overall, according to a report by anti-malware software firm Malwarebytes, there was a 365% increase in ransomware attacks against businesses between the second quarter of 2018 and the second quarter of 2019.
Other reports show that 948 United States government agencies and healthcare and education institutions were affected by ransomware attacks in 2019. Apart from the cost of paying ransomware to attackers, government institutions in the U.S. also spent at least $176 million on rebuilding and restoring the networks, investigating the attacks, and putting up preventative measures.
Increased attacks in 2020
So far, 2020 has seen an increase in the number of attacks, partially due to the coronavirus pandemic. Already, government and health institutions, private businesses and educational establishments have spent a whopping $144 million to deal with ransomware attacks. Most worryingly, the U.S. Federal Bureau of Investigation recently reported a 75% increase in ransomware attacks on healthcare entities. Most of these attacks are conducted through email-based phishing exploits, and the attackers demand crypto as payment.
Alberto Daniel Hill, a whitehat hacker and cybersecurity consultant, told Cointelegraph that “attacks on medical providers/hospitals are something that cybercriminals target as it is much likely for that kind of company to pay.” Hill further added: “Being a victim of a security incident for medical providers is really serious and complicated for the company to recover in terms of image, as well as reputation and therefore they have to pay.”
The rapid spread of crypto ransomware attacks
Fast-paced technological developments in the ransomware landscape make it extremely difficult for law enforcement agencies to investigate and solve ransomware-related crimes. In particular, cryptocurrency is one of the technological developments stigmatized for its use by hackers as a payment. In the event of a ransomware attack, strong encryption is used to lock an institution’s data, which is only decrypted after confirmation of payment. Given that cryptocurrencies have built-in pseudo-anonymous transactions, attackers may choose to demand crypto over fiat money.
In the first quarter of 2020, there was a 300% spike in so-called "cryptojacking" attacks in Singapore. These ransomware attacks are mostly conducted against a user’s device whereby that device is commandeered to mine cryptocurrency. Hill agreed that the use of crypto by ransomware attackers will taint the image of cryptocurrencies. However, he added, "Lack of knowledge about cryptocurrencies is what makes people link cryptocurrencies with crime, as they do not know all the good things cryptocurrencies involve.”
With that in mind, here is a list of some of the most notable crypto ransomware attacks from the most recent past.
Salisbury Police Department attacked
On January 9, 2019, ransomware attackers encrypted the files of the entire Salisbury, Maryland police department, rendering them unusable. It was reported that officials attempted to negotiate with the attackers for an undisclosed amount of money as payment in exchange for the key to decrypt the data. However, the negotiations quickly ceased. This was not the first time the agency suffered a ransomware attack.
A $400,000 payout in Jackson County, Georgia
Throughout 2019, barely a month passed without news of a local government institution falling victim to a ransomware attack. In March 2019, Jackson County, Georgia was struck by ransomware that demanded a $400,000 payment in Bitcoin (BTC), which the officials agreed to. The Ryuk ransomware that was used in the attack affected a large number of offices and county agencies. Jackson County’s manager said that they “had to make a determination whether to pay,” as the damage would result in a loss of money and time rebuilding the system.
Baltimore attack
2019 also saw hackers seize thousands of government computers belonging to the city of Baltimore. The attackers used a variant of the Robbinhood ransomware and demanded payment of about 13 Bitcoin (around $100,000 at the time). Although reports suggest that Baltimore City Council officials refused to pay, it took weeks to get affected systems back online, and it cost about $18 million to repair the damage.
Two Florida cities hacked
In a spree of attacks against local government entities, two cities in Florida were held hostage in 2019. Lake City was required to pay 42 Bitcoin (around $426,000 at the time) to end a 15-day standoff. The second city, Riviera Beach, voted to pay the requested 65 Bitcoin (around $600,000 at the time) after the hackers disabled the city’s online services. In a twist of events, despite paying the ransom, reports show that it took Lake City weeks to recover its data.
Escalated attacks in 2020
While attackers focused more on public institutions throughout 2019, this year has seen an escalation of hacking tactics in addition to higher demands. In mid-May, the computer systems of an entertainment and media law firm were hacked by the REvil group.
REvil claimed to have possession of hundreds of gigabytes of private data belonging to public figures such as Lady Gaga, Nicki Minaj, Mary J. Blige and Madonna, to mention a few. While the hackers initially asked for $21 million, they doubled their payment demand to $42 million and announced that they would also target U.S. President Donald Trump. According to reports, the law firm did not negotiate with the hackers.
University pays a 30 Bitcoin ransom demand
In February, the University of Maastricht in Amsterdam agreed to pay hackers a 30 Bitcoin ransom after an attack that threatened to damage the work of its students, staff and scientists. According to the university’s vice president, the decision to pay the hackers was made in order to avoid the high costs of rebuilding the entire IT network.
Attacks on healthcare and medical institutions
During the first half of 2020, reports show that at least 41 hospitals and healthcare organizations were successfully hacked in ransomware attacks. Despite the devastating effect of the coronavirus pandemic, experts predict that the rate of attacks is set to increase as more employees return to work.
Given the sensitivity of medical data, victims have had to meet the exorbitant payment demands to secure their data. For instance, the University of California, San Francisco recently paid $1.4 million in ransom after several of its medical school’s servers were hacked.
Tackling ransomware attacks
As several industries including healthcare, finance and government face increasing threats from hackers, experts recommend public and private organizations invest more in ransomware prevention and response. Hill suggested that the first step in protecting against hackers is awareness of how phishing attacks are conducted, as they are becoming popular with hackers. Hill added that a good backup policy is also important.
Related: The Most Malicious Ransomwares Demanding Crypto to Watch Out For
Ransomware attacks have proved to be a lucrative business for most cybercriminal groups. A 2016 study shows that the number of new ransomware families increased by 172% in the first half of that year alone, with hackers bringing increasingly sophisticated tools and widening their pool of potential victims. Given the high costs of rebuilding a network, Hill recommends — contrary to popular opinion — that “it might be smart to have some cryptocurrencies as the last resource.”