Ransomware Attacks Demanding Crypto Are Unfortunately Here to Stay

Published at: Aug. 8, 2020

Year after year, the ransomware landscape changes dramatically. In 2019, a new resurgence of attacks occurred as businesses and government institutions became the main targets of ransomware, given their capacity to yield larger payouts. 

The most recent attack was against Garmin, a navigation systems company, on July 23. Due to the attack, many of its online services such as customer support, website functions and company communications were affected. Reportedly, the Russian cybergang Evil Corp launched the attack, demanding $10 million in cryptocurrency to restore access to Garmin’s services.

Overall, according to a report by anti-malware software firm Malwarebytes, there was a 365% increase in ransomware attacks against businesses between the second quarter of 2018 and the second quarter of 2019.

Other reports show that 948 United States government agencies and healthcare and education institutions were affected by ransomware attacks in 2019. Apart from the cost of paying ransoms to attackers, government institutions in the U.S. also spent at least $176 million on rebuilding and restoring the networks, investigating the attacks, and putting preventative measures in place.

Increased attacks in 2020

So far, 2020 has seen an increase in the number of attacks, partially due to the coronavirus pandemic. Already, government and health institutions, private businesses and educational establishments have spent a whopping $144 million to deal with ransomware attacks. Most worryingly, the U.S. Federal Bureau of Investigation recently reported a 75% increase in ransomware attacks on healthcare entities. Most of these attacks are conducted through email-based phishing exploits, and the attackers demand crypto as payment.

Alberto Daniel Hill, a whitehat hacker and cybersecurity consultant, told Cointelegraph that “attacks on medical providers/hospitals are something that cybercriminals target as it is much likely for that kind of company to pay.” Hill further added: “Being a victim of a security incident for medical providers is really serious and complicated for the company to recover in terms of image, as well as reputation and therefore they have to pay.”

The rapid spread of crypto ransomware attacks

Fast-paced technological developments in the ransomware landscape make it extremely difficult for law enforcement agencies to investigate and solve ransomware-related crimes. In particular, cryptocurrency is one of the technological developments stigmatized for its use by hackers as a payment method. In the event of a ransomware attack, strong encryption is used to lock an institution’s data, which is only decrypted after confirmation of payment. Given that cryptocurrencies have built-in pseudo-anonymous transactions, attackers may choose to demand crypto over fiat money.

In the first quarter of 2020, there was a 300% spike in so-called “cryptojacking” attacks in Singapore. These ransomware attacks are mostly conducted against a user’s device whereby that device is commandeered to mine cryptocurrency. Hill agreed that the use of crypto by ransomware attackers will taint the image of cryptocurrencies. However, he added, “Lack of knowledge about cryptocurrencies is what makes people link cryptocurrencies with crime, as they do not know all the good things cryptocurrencies involve.”

With that in mind, here is a list of some of the most notable crypto ransomware attacks from the most recent past.

Salisbury Police Department attacked

On January 9, 2019, ransomware attackers encrypted the files of the entire Salisbury, Maryland police department, rendering them unusable. It was reported that officials attempted to negotiate with the attackers for an undisclosed amount of money as payment in exchange for the key to decrypt the data. However, the negotiations quickly ceased. This was not the first time the agency suffered a ransomware attack.

A $400,000 payout in Jackson County, Georgia

Throughout 2019, barely a month passed without news of a local government institution falling victim to a ransomware attack. In March 2019, Jackson County, Georgia was struck by ransomware that demanded a $400,000 payment in Bitcoin (BTC), which the officials agreed to. The Ryuk ransomware that was used in the attack affected a large number of offices and county agencies. Jackson County’s manager said that they “had to make a determination whether to pay,” as the damage would result in a loss of money and time rebuilding the system.

Baltimore attack

2019 also saw hackers seize thousands of government computers belonging to the city of Baltimore. The attackers used a variant of the Robbinhood ransomware and demanded payment of about 13 Bitcoin (around $100,000 at the time). Although reports suggest that Baltimore City Council officials refused to pay, it took weeks to get affected systems back online, and it cost about $18 million to repair the damage.

Two Florida cities hacked

In a spree of attacks against local government entities, two cities in Florida were held hostage in 2019. Lake City was required to pay 42 Bitcoin (around $426,000 at the time) to end a 15-day standoff. The second city, Riviera Beach, voted to pay the requested 65 Bitcoin (around $600,000 at the time) after the hackers disabled the city’s online services. In a twist of events, despite paying the ransom, reports show that it took Lake City weeks to recover its data.

Escalated attacks in 2020

While attackers focused more on public institutions throughout 2019, this year has seen an escalation of hacking tactics in addition to higher demands. In mid-May, the computer systems of an entertainment and media law firm were hacked by the REvil group. 

REvil claimed to have possession of hundreds of gigabytes of private data belonging to public figures such as Lady Gaga, Nicki Minaj, Mary J. Blige and Madonna, to mention a few. While the hackers initially asked for $21 million, they doubled their payment demand to $42 million and announced that they would also target U.S. President Donald Trump. According to reports, the law firm did not negotiate with the hackers.

University pays a 30 Bitcoin ransom demand

In February, the University of Maastricht in Amsterdam agreed to pay hackers a 30 Bitcoin ransom after an attack that threatened to damage the work of its students, staff and scientists. According to the university’s vice president, the decision to pay the hackers was made in order to avoid the high costs of rebuilding the entire IT network.

Attacks on healthcare and medical institutions

During the first half of 2020, reports show that at least 41 hospitals and healthcare organizations were successfully hacked in ransomware attacks. Despite the devastating effect of the coronavirus pandemic, experts predict that the rate of attacks is set to increase as more employees return to work.

Given the sensitivity of medical data, victims have had to meet the exorbitant payment demands to secure their data. For instance, the University of California, San Francisco recently paid $1.4 million in ransom after several of its medical school’s servers were hacked.

Tackling ransomware attacks

As several industries including healthcare, finance and government face increasing threats from hackers, experts recommend public and private organizations invest more in ransomware prevention and response. Hill suggested that the first step in protecting against hackers is awareness of how phishing attacks are conducted, as they are becoming popular with hackers. Hill added that a good backup policy is also important.


Ransomware attacks have proved to be a lucrative business for most cybercriminal groups. A 2016 study shows that the number of new ransomware families increased by 172% in the first half of that year alone, with hackers bringing increasingly sophisticated tools and widening their pool of potential victims. Given the high costs of rebuilding a network, Hill recommends — contrary to popular opinion — that “it might be smart to have some cryptocurrencies as the last resource.”
