Wednesday, February 12th 2020

Cybersecurity in 2019: Ransomware up 41% in the US Alone, Average Decryption Price in December 2019 set at $190,946

A report via the New York Times paints an increasingly challenging picture for security specialists, technology users and businesses. Security firm Emsisoft reported a 41% increase in ransomware attacks in 2019 (in the US) compared to the previous year (up to 205,280 distinct attacks). Cryptocurrencies with built-in anonymity, such as Monero, have become the favored extortion method employed by wrongdoers, shielding them from the usual checks and balances of the banking system. And with increasingly complex tools in the hands of hackers, plus the first-strike advantage new attacks enjoy, ransomware is becoming harder and harder to battle. According to the New York Times, citing security firm Coveware, the average payment for file decryption rose to $84,116 in Q4 2019, double what it was in Q3. And in the last month of the year, the average decryption payment jumped more than twofold to $190,946.

Ransomware works by deploying a payload on a user's system that then proceeds to selectively (or wholly) encrypt the data found on the machine's storage drives. A cryptocurrency address is then shown to the affected user, alongside an instructional message on how to proceed. Of course, payment of the required ransom doesn't always lead to a recovery of the data: as in all criminal dealings, chances are users lose both their data (which can always be sold to third parties) and their money. And there's always another factor to consider: lost operations, and thus lost revenue opportunities, for companies, or the indirect consequences and costs derived from meddling with systems as fragile as public health and taxation systems. The city of Baltimore, for example, was a very high-profile victim of a ransomware attack which saw around 10,000 government computers being locked down, with an estimated cost set at $18 million. The full potential cost of these attacks on US soil alone is estimated at $7.5 billion, with major targets being healthcare providers (764 instances), state and municipal agencies (113 instances) and universities (89 in total, with an estimated 1,233 individual schools potentially affected).

The Emsisoft report is a very interesting read on the consequences of ransomware for today's globalized society and its tight-knit, interacting systems (sometimes for the best, other times for the worst). Below you'll find a list of actual consequences from a number of ransomware attacks across various sectors; the full report is available at the source link.
  • Emergency patients had to be redirected to other hospitals.
  • Medical records were inaccessible and, in some cases, permanently lost.
  • Surgical procedures were canceled, tests were postponed and admissions halted.
  • 911 services were interrupted.
  • Dispatch centres had to rely on printed maps and paper logs to keep track of emergency responders in the field.
  • Police were locked out of background check systems and unable to access details about criminal histories or active warrants.
  • Surveillance systems went offline.
  • Badge scanners and building access systems ceased to work.
  • Jail doors could not be remotely opened.
  • Schools could not access data about students' medications or allergies.
Sources: Emsisoft, via TechSpot

24 Comments on Cybersecurity in 2019: Ransomware up 41% in the US Alone, Average Decryption Price in December 2019 set at $190,946

#3
fynxer
You are probably right that it is REAL Cyber Terrorism.

Governments do not seem to treat this as Terrorism, an attack on the infrastructure of the society, and that is a major problem.

These guys are getting bolder each year and are attacking more and more critical infrastructure in our society like hospitals, transportation and energy facilities etc. etc.

Bet you a lot of the money goes straight into real terror organizations to finance training, weapons and planning new attacks.

As it is now they operate with minimal risk of getting caught. Brand them as terrorists and start taking them out with drones.
Posted on Reply
#4
InVasMani
No worries folks Intel is on top of it...
Posted on Reply
#5
R-T-B
fynxer
Brand them as terrorists and start taking them out with drones.
Wouldn't help much when you don't know who is doing it in the first place... that is half the issue.

InVasMani
No worries folks Intel is on top of it...
I know you are joking, but subsystems like Intel ME and AMD PSP are ripe targets for this sort of thing.
Posted on Reply
#6
silentbogo
We have yet another cryptoplague here. Already had a dozen or so clients with .harma variant ransomware. One of my friends also had to make a few trips.
Mostly small businesses, and the only thing I see in common, is that all of these retards decided to save a little money by using pirated software.
Posted on Reply
#7
Solaris17
Dainty Moderator
Yeah, ransomware is brutal. Bots spitting this out like candy as well from servers already compromised. Filters on my mail servers canning lots of emails with Emotet and even Loki still. Shellcode exploits hitting my IPS daily.

Few in TPU care if the AV threads here are any indication, but no doubt the web is the Wild West and it's a scary place when you look at the logs. RDP brute forces for days.
Posted on Reply
#8
DeathtoGnomes
This is one of those articles that is meant to scare folk. The lack of reference to protection or what's being done to combat such attacks is the first clue. Also, Emsisoft seems to be the only source and I suspect that's for a reason, to get you to buy their product as guaranteed protection. The person writing the original article certainly did not do their due diligence in sufficient research to confirm the findings that Emsisoft so readily supplied as fact checked.

I'm not saying the stated facts are wrong, they still could be, it would be refreshing to see confirmation on such scare tactics. On the other hand, my tin foil hat might be too tight atm.
Posted on Reply
#9
oobymach
A great reason to run an anti-ransomware security imo, and another reason to have a complete backup of any data you care about and an image of your c drive backed up regularly to an external drive. Last time I fubar'd my system I was able to restore it in about 20 minutes from complete fubar to normal desktop. Had I not had a backup I would be facing months of loss.
Posted on Reply
#10
mechtech
If one ran sandbox or vm all the time, would that mitigate some of the risk??
Posted on Reply
#11
rtwjunkie
PC Gaming Enthusiast
DeathtoGnomes
This is one of those articles that is meant to scare folk. The lack of reference to protection or what's being done to combat such attacks is the first clue. Also, Emsisoft seems to be the only source and I suspect that's for a reason, to get you to buy their product as guaranteed protection. The person writing the original article certainly did not do their due diligence in sufficient research to confirm the findings that Emsisoft so readily supplied as fact checked.

I'm not saying the stated facts are wrong, they still could be, it would be refreshing to see confirmation on such scare tactics. On the other hand, my tin foil hat might be too tight atm.
I can add a whole other city that was hit hard. Here in New Orleans the entire city government and most of the departments were shuttered for 2 weeks while they dealt with the ransomware attack. The monetary loss is still unknown.

Definitely not a scare tactic.
Posted on Reply
#12
SomeOne99h
rtwjunkie
I can add a whole other city that was hit hard. Here in New Orleans the entire city government and most of the departments were shuttered for 2 weeks while they dealt with the ransomware attack. The monetary loss is still unknown.

Definitely not a scare tactic.
Wh ... This sounds like a movie coming to reality.
Posted on Reply
#13
rtwjunkie
PC Gaming Enthusiast
SomeOne99h
Wh ... This sounds like a movie coming to reality.
The cost to recover, without paying the ransom is so far about $7 million.

https://www.nola.com/news/politics/article_7d22e948-3e31-11ea-98bc-9b69342bc6a8.amp.html

https://www.forbes.com/sites/daveywinder/2019/12/14/new-orleans-declares-state-of-emergency-following-cyber-attack/#cb02dd46a055

https://abcnews.go.com/US/orleans-city-government-hit-cyberattack/story?id=67731695
Posted on Reply
#14
DeathtoGnomes
rtwjunkie
I can add a whole other city that was hit hard. Here in New Orleans the entire city government and most of the departments were shuttered for 2 weeks while they dealt with the ransomware attack. The monetary loss is still unknown.

Definitely not a scare tactic.
I don't disagree with you, but what you just added proves my point: obvious research is omitted, it's not even a good start into this topic. I see this as sensationalist journalism, write just enough to get interest and fail at delivering the whole enchilada (the big picture :p ).
Posted on Reply
#15
Ferrum Master
silentbogo
all of these retards decided to save a little money by using pirated software.
In my cases most came from pirated games... kinda pirated pirated... the crack group itself isn't at fault usually. Afterwards it is even more altered by third parties using shady installers etc.
Posted on Reply
#16
TheGuruStud
rtwjunkie
I can add a whole other city that was hit hard. Here in New Orleans the entire city government and most of the departments were shuttered for 2 weeks while they dealt with the ransomware attack. The monetary loss is still unknown.

Definitely not a scare tactic.
That's what happens when you run Norton, McAfee, etc. They deserve it.

It's even more deserved when you realize the main culprit is Windows. Imagine paying licenses for Windows and Office, then in combination with your expanded stupidity of poor security software, you shut down the city lol.

Gee, could have just used Linux and solved 99% of the security holes while saving millions.
Posted on Reply
#17
Ferrum Master
TheGuruStud
Gee, could have just used Linux and solved 99% of the security holes while saving millions.
I've been saying that also for a long time. Some try to shut me with things like personnel training etc, yet they haven't looked in Linux themselves. User friendliness is not an issue anymore, everything is more or less the same. Also the job to be done is mostly web client based, so no hurdles about some sort of specific software support... unless it is dreaded ActiveX and even now it is EOL.
Posted on Reply
#18
DeathtoGnomes
Ferrum Master
I've been saying that also for a long time. Some try to shut me with things like personnel training etc, yet they haven't looked in Linux themselves. User friendliness is not an issue anymore, everything is more or less the same. Also the job to be done is mostly web client based, so no hurdles about some sort of specific software support... unless it is dreaded ActiveX and even now it is EOL.
the key word here. The sad part is by the time Linux became user friendly many public systems were already fully established and functional. Any change to current infrastructure is costly and most cities don't have the budget for major changes, which is why many are still using WinXP or Win2000. Any systems that have been upgraded since are likely on Windows 7 or 8 now. Knowing that, and that software like McAfee and Norton has become the go-to for protection for older Windows versions, attackers have it easy. IT is tough in cities like that because of limited funding and training and I doubt Linux is the only answer.
Posted on Reply
#19
Vayra86
If high value targets switch to Linux, you can just wait for the first big Linux exploit. Don't fool yourselves. The problem is in people and protocol.
Posted on Reply
#20
Solaris17
Dainty Moderator
Vayra86
If high value targets switch to Linux, you can just wait for the first big Linux exploit. Don't fool yourselves. The problem is in people and protocol.
Not to mention just straight config problems. I work in the DC space regularly. You wouldn't believe the amount of sales@company.tld that are running their servers instead of qualified sysadmins. SSH passwords on par with "hunter1" when I do audits. No SSH keys, permit root login. You're talking about the vast majority of servers running your fav sites being run by people that legit have the firewall still set to testing mode.

I have more faith in some of the users here than the sysadmins of Instagram when it comes to machine security. That's saying a lot, since some on this very forum think machine security is some kind of corporate plot to make money.
Posted on Reply
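
The weaknesses named in the comment above (password logins, no SSH keys, root login permitted) can be checked mechanically. The following is an added example, not part of the original thread: it audits sshd_config text using sshd's first-value-wins rule, and the sample configs, function names and finding texts are constructed for illustration.

```python
import re
# OpenSSH defaults (7.0+) for the three settings named in the comment.
DEFAULTS = {"permitrootlogin": "prohibit-password",
            "passwordauthentication": "yes", "pubkeyauthentication": "yes"}
# keyword -> {weak value: why it is a finding}
WEAK = {"permitrootlogin": {"yes": "root may log in directly, passwords included"},
        "passwordauthentication": {"yes": "passwords accepted, brute force possible"},
        "pubkeyauthentication": {"no": "SSH keys are disabled"}}
# Constructed sample configs, not taken from any real host.
WEAK_CONFIG = """\
# first value wins: the later 'no' below is ignored by sshd
PermitRootLogin yes
permitrootlogin no
PasswordAuthentication yes
PubkeyAuthentication no
Match Address 10.0.0.0/8
    PermitRootLogin yes
"""
HARDENED_CONFIG = """\
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
"""

def effective_settings(text):
    """Return (global settings with defaults applied, [(match, key, value)])."""
    settings, conditional, match = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()  # keywords are case-insensitive
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if key == "match":
            match = value  # everything after this line is conditional
        elif match is not None:
            conditional.append((match, key, value.lower()))
        else:
            settings.setdefault(key, value.lower())  # first value wins
    return {**DEFAULTS, **settings}, conditional

def audit(text):
    """List weak global settings, then weak overrides inside Match blocks."""
    settings, conditional = effective_settings(text)
    findings = [f"{k} {settings[k]}: {why[settings[k]]}"
                for k, why in WEAK.items() if settings[k] in why]
    findings += [f"Match {cond}: {k} {v}: {WEAK[k][v]}"
                 for cond, k, v in conditional if v in WEAK.get(k, {})]
    return findings
```

An empty config still yields one finding, because password authentication is on by default; on a live host, `sshd -T` prints the effective configuration and is the authoritative source.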
#21
lynx29
If all cryptocurrency was banned from use in marketplaces and exchanges ransomware would be less common. I know it will never happen since politicians barely know how to use an iPhone, but eh.
Posted on Reply
#22
TheUn4seen
lynx29
If all cryptocurrency was banned from use in marketplaces and exchanges ransomware would be less common. I know it will never happen since politicians barely know how to use an iPhone, but eh.
Yes, we all know no one ever demanded ransom, bought weapons, traded humans and such using dollars or any other official currency, untraceable gold, precious stones, stocks (through single use entities registered on Cyprus) and so on. The currency is not the issue here, ignorance among politicians and the society is.
A fun story, my neighbor was scammed by a guy who asked her to buy gold and mail it to him in a standard package, promising an "incredible investment opportunity". She did it, because she's an ignorant old lady who believes Facebook is real, and the guy was convincing. People who install ransomware on a work computer because the email promised them cute kittens are of the same type.
Posted on Reply
#23
lynx29
TheUn4seen
Yes, we all know no one ever demanded ransom, bought weapons, traded humans and such using dollars or any other official currency, untraceable gold, precious stones, stocks (through single use entities registered on Cyprus) and so on. The currency is not the issue here, ignorance among politicians and the society is.
A fun story, my neighbor was scammed by a guy who asked her to buy gold and mail it to him in a standard package, promising an "incredible investment opportunity". She did it, because she's an ignorant old lady who believes Facebook is real, and the guy was convincing. People who install ransomware on a work computer because the email promised them cute kittens are of the same type.
Government has cracked down on spam calls that exploit old people, it still happens but not as frequent.

My argument is the same here, yeah it won't fix the problem, but it will reduce the amount overall, allowing law enforcement to do their job easier. Also, that other stuff you mentioned isn't fully ANON like some cryptocurrency is. You should take a stats class, perspective of ratios and percentages is important.

However, none of it really matters. Climate Change, whether caused by humans or not, is going to destroy us within 30 years with mass displacement.

Vayra86
If high value targets switch to Linux, you can just wait for the first big Linux exploit. Don't fool yourselves. The problem is in people and protocol.
This also makes a lot of sense, I agree.
Posted on Reply
#24
Ferrum Master
At least in Linux the code is open and the community works fast when something happens. You don't have to pay some sort of antivirus company that is interested in being in this business and having bugs, not cleaning out the core OS code to render them useless in the first place.

With a principle like the one Qubes OS (Fedora spinoff) works on (each app as a separate VM), even if one cube is compromised, the app itself is hard isolated from the core. It ain't that bad with Linux... there are serious people handling it too.
Posted on Reply