News Posts matching #Ransom

Return to Keyword Browsing

Cybersecurity in 2019: Ransomware up 41% in the US Alone, Average Decryption Price in December 2019 set at $190,946

A Report via the New York Times paints an increasingly challenging picture for security specialists, technology users and businesses. Security firm Emsisoft reported a 41% increase in ransomware attacks in 2019 (in the US) compared to the previous year (up to 205,280 distinct attacks). The advent of cryptocurrencies with built-in anonimity, such as Monero, have become the favored extortion method employed by wrongdoers, shielding them from the usual checks and balances of the banking system. And with increasingly complex tools in the hands of hackers, plus the advantage of first strike new attacks enjoy, ransomware is becoming harder and harder to battle. According to the New York Times, citing security firm Coveware, the average payment for file decryption in 2019 rose to $84,116 in the Q4 2019, double what it was just in Q3. And in the last month of the year, the average decryption payment jumped more than twofold to $190,946.

Weekend Reading 101: On Ransomware's Chains and Carbon Black's Report

Carbon Black, a cybersecurity company that's been founded by former members of the U.S. government's elite team of offensive security hackers, has released a report detailing the continued rise of ransomware's impact, which served as the fire-starter for this piece. Carbon Black's Threat Analysis Unit (TAU) has found that ransomware is an increasingly prolific economical entity, bolstered by a 2,502% increase in sales in the dark web. As with every activity, legal or illegal, the economic footprint follows profit; and in ransomware's case, it's estimated it has yielded around $1 billion just this year. Ransomware even has the advantage of not requiring specialized computer skills, and can be quickly and brainlessly deployed in search of a quick buck.

Carbon Black reports that there are currently more than 6,300 ransomware marketplaces in the dark web, with over 45,000 different product listings, which range in price from $0.5 to $3K (the median price for a DIY ransomware package stands at roughly $10.5). Ransomware sellers are taking advantage of this burgeoning, "quick buck at anyone's expense" reasoning: some ransomware sellers are earning more than six figures yearly, sometimes even more than legitimate software companies. It's no surprise, however that the report points to technologies such as Bitcoin and the Tor network as being two of the most important enablers in this ransomware explosion, besides making it much more difficult for law enforcement agencies to, well, enforce the perpetrators.
To our Forum Dwellers: this piece is marked as an Editorial

Where's My Bitcoin? "Cerber" Ransomware Starts Stealing Cryptocurrency Wallets

"Where's my Bitcoin?" is a question no miner, investor or mere user in the cryptocurrency ever wants to have to ask. There's always someone willing to take advantage of someone else's hard work or subjection to risk in order to increase their own value; and if there's something years of cyber security have told us, is that hackers seldom lag in picking up new sources of undeserved revenue. So it was only a matter of time before general purpose ransomware started seeing updates so as to take advantage of the newer trends in valuable assets. Enter cryptocurrency. And you can probably guess the rest of this piece.

The new, updated Cerber ransomware routine now not only encrypts a user's files, it also looks for some specific, known Bitcoin wallet applications (namely, and as of time of writing, Bitcoin Core, Electrum, and Multibit), copies them to an external server controlled by the hackers, and proceeds to delete them from the user's PC. Naturally, Cerber also has a routine that handles copying passwords that are stored in your browser of choice. The wallet stealing and copying isn't much of a concern per se; there are additional security measures in any given wallet before the hackers can access their potential treasure trove of cryptocurrency. However, many people also keep files with passwords or some such on their computers; and could be doing a disfavor to themselves by not keeping another copy of their wallets on a secure, non-internet connected hardware wallet, or even USB pen. Naturally, a user who kept the password for their wallet on their system is vulnerable to the entire "ransomware" portion of the Cerber malware; and if someone doesn't even have another copy of their wallet but keeps an ungodly amount of value in it, could very well be facing losses towards the entirety of their wallet. Definitely not a good place to be.

Petya/NotPetya: The Ransomware That Wasn't Actually Looking to Ransom Anything

You've heard of the Petya ransomware by now. The surge, which hit around 64 countries by June 27th, infected an estimated 12,500 computers in Ukraine alone, hitting several critical infrastructures in the country (just goes to show how vulnerable our connected systems are, really.) The number one hit country was indeed Ukraine, but the wave expanded to the Russian Federation, Poland, and eventually hit the USA (the joys of globalization, uh?) But now, some interesting details on the purported ransomware attack have come to light, which shed some mystery over the entire endeavor. Could it be that Petya (which is actually being referred to as NotPetya/SortaPetya/Petna as well, for your reference, since it mostly masquerades as that well-known ransomware) wasn't really a ransomware attack?

Several Critical Ukrainian Targets Hit by "Petya" Ransomware, Fear of Outbreak

After last month's WannaCry outbreak (which persisted in its effects as recently as last week), we now have a new variant of ransomware infecting PCs across Europe. The outbreak seems centered in Ukraine, where several government facilities and critical pieces of infrastructure have been shutdown due to the attacks. The Ukrainian government seemed almost defiantly optimistic, posting this decidedly awesome response to twitter during the attack.

South Korean Company Nayana to Pay $1 million in Bitcoin After Ransomware Attack

Ransomware has been seeing an increasing amount of interest in the tech world, motivated not only by the increase in number and severity of attacks, but also by the fact that some companies do elect to pay the demands. In this case, Nayana, a South Korean web hosting provider, announced it is in the process of paying a three-tier ransom demand of nearly $1 million worth of Bitcoin. This decision comes following a ransomware infection that encrypted data on customer' servers. The company said 153 Linux servers were affected, servers which stored the information of more than 3,400 customers.

The attackers initially asked for a ransom payment of 550 Bitcoin, which was worth nearly $1.62 million at the time of the request. After negotiating, the final amount came to 397.6 Bitcoin, which amounted to roughly $1 million at the time (Bitcoin is currently at $2744.56, so right now, those 397.6 Bitcoin are worth roughly $1.1 million dollars). The company has already paid two of the three payment tranches, and expects the decryption operation to take up to ten days due to the vast amount of encrypted data. If the data is liberated at all, that is, which can't really be counted upon, now can it?

CD Projekt Red: We Will Not Give In to the Demands of Thieves

CD Projekt Red are the world-renowned studio responsible for RPG masterpiece The Witcher 3: Wild Hunt and the two other less known, but still great Witcher RPGs before it. The company is one of the most gamer-oriented, generous game developers out there today, bar none. I say this, because this is a company who did some missteps before, but quickly backed out of them and that have created one of the most memorable and successful open-worlds to date. This is the studio that offered not only a soundtrack CD with their standard edition of the game, alongside a full-color map of the game world, but also went to the lengths of including a small letter to thank us for choosing their game over others. These developers offered 16 pieces of DLC with their game, DLC pieces that other studios had been (and have been) charging customers for.

The company outlined above have come forth in a tweet, publicly calling out an attempt from thieves to ransom stolen development files on the studios' upcoming sci-fi Cyberpunk 2077. CD Projekt Red said that they will not give in to demands from the individuals that have contacted them, and acknowledge that the public release of those files is likely to happen as a result. The studio also goes on saying that these files (if they even come to public now that their value has been thoroughly cut down) are "largely unrepresentative of the current vision for the game." I don't know about you, but I'd much prefer to get some info on CD Projekt Red's next project from themselves.

P.S.: This editor Is sorry for the above post looking eerily similar to a rant. I just have a low tolerance for this kind of behavior from any part, but most of all, when the targeted party is actually one of the studios that is more deserving of gamers' respect.
Return to Keyword Browsing