Throughout 2019, The Burn-In covered the rising incidence of corporate and municipal ransomware attacks. Indeed, cybercriminals paralyzed major cities like New Orleans and large companies like Travelex. Now, the New York Times has posted a new story that details the impact of the recent epidemic of financially motivated hacks.
A Surge in Attacks and Costs
Cybersecurity company Emsisoft told the New York Times that 205,280 organizations sustained ransomware attacks in 2019. The firm notes the statistic represents a 41 percent increase from the prior year.
However, it’s worth noting that Emsisoft’s data isn’t comprehensive. Commonly, organizations and individuals don’t report the fact that they’ve been hacked and held ransom to the authorities.
That said, another cybersecurity concern called Coveware told the paper that 2019 also saw an increase in extortion payment amounts. In the fourth quarter of last year, the firm found the average ransomware payout totaled $84,116, more than the cost in the third quarter. Moreover, the company recorded the average payout expense rose to $190,946 last December.
By comparison, Coveware states ransomware victims paid an average of $20,000 in early 2019.
Again, the above-stated figures are incomplete because digital assaults regularly go underreported. Often, corporations quietly pay off cybercriminals rather than make public confidence shaking public disclosures. Unfortunately, not all ransomware targets have the resources to endure a cyber-attack.
A Denver-based printing company called Colorado Timberlane closed its doors forever after being ransomed in 2018. In addition, Michigan medical firm Brookside ENT and Hearing Services shut down after hackers encrypted its files and network. Similarly, a California doctor ended her practice in December after sustaining $55,000 in costs after being hacked.
Why Ransomware Attacks are Becoming More Prevalent and Costly
Like any financial crime, ransomware attacks are, in part, becoming more prevalent and costly because they are successful.
While many municipalities have publicly pledged to deny extortion attempts, others have taken a different tact. Last June, the city of Riviera Beach paid hackers $600,000 to regain control of its public networks. Although law enforcement agencies recommend organizations not comply with ransomware demands, it’s not hard to understand why leaders go against their advice.
Last May, cybercriminals seized control of Baltimore’s digital infrastructure using a piece of U.S. government made malware called EternalBlue. In response, city leaders rejected the demand for $100,000 and contacted the Federal Bureau of Investigation. Nevertheless, Charm City failed to find a way to unlock its systems and ended up paying $18 million to rebuild its networks.
Also, because cyber extortionists conduct their operations using encrypted messaging services and cryptocurrencies, they are challenging to track down.
Malicious operators can now gain access to sophisticated ransomware much more accessible than ever before. For instance, the cybercriminals who took over Travelex’s systems used a program called Sodinokibi that’s available as a ransomware-as-a-service (RaaS). Typically, RaaS designers create powerful malware, sell it to cybercriminals, and collect a percentage of the ransom.
Last year, a Sodinokibi user collected $287,499 in Bitcoin in just 72 hours.
Accordingly, Bryan Sartin, Verizon’s head of global security services, recommends organizations establish cyber-attack slush funds. “Almost everyone says we will never pay the ransomware,” said the expert. “But when push comes to shove, probably two out of three will.”