Bad Actors Still Raking Profit From Ransomware


Ransomware is the most efficient malware used by cyber crooks. It continues to wreak havoc on a global scale, affecting everyone and everything from regular Internet users to enterprises to critical infrastructure. So why do hackers still win?

Cyber criminals who unleash ransomware have learned that attacks targeting large corporations yield much more profit than en masse attacks on random endpoints. At the same time, these large infrastructures still rely on unpatched or unpatchable legacy systems that are highly vulnerable to cyber-attacks.

When victims are left without a choice

Ransomware families like WannaCry, NotPetya, GandCrab, Ryuk, SamSam, and more have inflicted billions of dollars of damage worldwide, crippling businesses and critical infrastructures alike.

One example is the attack on Garfield County in Utah, where officials paid the ransom in Bitcoin to regain access to their systems and data. The type of ransomware used in the attack is not known, but it is believed the operators encrypted not just the county’s live data but also the backups, leaving officials no choice but to pay and hope to get back what was theirs. However, paying the ransom doesn’t always yield the decryption keys from the attacker, in some cases because the attack was only meant to disrupt.

Big businesses on target

The Garfield County attack is just one example where the victim had no choice but to cave in to the attackers’ demands. GandCrab operators reportedly demanded $700,000 per server to decrypt. Some paid, while others didn’t.

Refusing to pay the ransom doesn’t deter attackers, because they know they stand a good chance of getting paid if the damages are high for the victim. For example, SamSam struck the City of Atlanta last year, and this year an attack on Norsk Hydro crippled its aluminum smelting facilities and power plants. The victims incurred losses in the tens of millions of dollars, making one wonder what the outcome would have been had they paid. These attacks make headlines that future victims will read and ponder, increasing their anxiety – and the likelihood that one or two will cave in and pay.

Another emerging trend in recent years is the targeting of healthcare facilities. Here again, IT administrators find it easier to consider paying the ransom. The reason is simple: freezing a medical center’s operations puts lives at risk, and patient health history could be lost forever.

How to stop the attack – better safe than sorry!

Ultimately, the attackers know that targeting big players yields handsome money. With their greedy demands, ransomware operators are raking in the moolah. That’s why it is important that organizations equip themselves with the knowledge and technology to detect and prevent a ransomware attack.

