Security

Fewer Companies Are Paying Ransoms To Hackers, Researchers Say (bloomberg.com)

Fewer companies that are infected with ransomware are coughing up extortion payments demanded by hackers, according to new research from Chainalysis. From a report: In findings published on Thursday, the blockchain forensics firm estimated that ransom payments -- which are almost always paid in cryptocurrency -- fell to $456.8 million in 2022 from $765.6 million in 2021, a 40% drop. "That doesn't mean attacks are down, or at least not as much as the drastic dropoff in payments would suggest," according to the report. "Instead, we believe that much of the decline is due to victim organizations increasingly refusing to pay ransomware attackers." Chainalysis also said the actual totals could be much higher, as there are cryptocurrency addresses controlled by ransomware attackers that its researchers haven't yet identified.
  • by shanen ( 462549 ) on Thursday January 19, 2023 @04:46PM (#63222768) Homepage Journal

    The Subject pretty much covers it, but I would extend it to the email spam problem.

    Proof of Concept: All of the pump-and-dump stock-scam spam you no longer receive. After some researchers proved the spammers had a money tree, they changed the rules to remove the money and the spam (of that particular flavor) went away. But most people have trouble seeing what isn't there now?

    • by gweihir ( 88907 )

      Indeed. We probably need laws to either force ransomware preparations (not that hard: Have a working offline or WORM backup) or outlaw ransom payments. Incidentally, the EU now has a push for a legal requirement for businesses that are somewhat critical to have reasonable IT security.

  • by wakeboarder ( 2695839 ) on Thursday January 19, 2023 @04:46PM (#63222770)
    they probably won't have as much incentive to hack.
    • their overhead is low. once you find an exploit, you can throw everything at the wall and see what sticks. even having a success rate of 1 in 100 for a payout is going to be profitable if you are able to automate and run this against 100's or 1000's of targets a day. Each business might only net you $10K - $100K, but nothing says you can't have many of these ransoms going in parallel. Might be a full time job doing too many, but the pay could still potentially be significant.

  • by dmay34 ( 6770232 ) on Thursday January 19, 2023 @04:59PM (#63222806)

    How hard is it to make a little popup that says "It looks like this program is trying to encrypt all the files on the server. I have stopped the process. Do you wish to continue?"

    • How hard is it to make a little popup that says "It looks like this program is trying to encrypt all the files on the server. I have stopped the process. Do you wish to continue?"

      Alright then. I challenge you to whip up a quick MOTD broadcast to do exactly that across the average enterprise as a test.

      Just see how many users click "Yes".

      Gut feeling is you'll have your crushing answer.

    • MS already warns me if some new program is mucking with my files in some of the protected user folders like Documents. You can configure any folders you want to be protected or unprotected, if you're a reasonably competent IT admin with a good sense of what applications are being used on employees' systems.

      But honestly, MS implemented this about 10 years too late. They never took malware, trojans, and viruses as seriously as they took selling us re-skinned operating systems.

    • If nothing else the onslaught of ransomware should have by now ensured that every single company on the planet could replace any and all servers within a day and lose only some tiny amount of data.

      That alone would render ransomware powerless.

    • Hmmm...really hard. To understand this, you have to understand the sheer volume of file-writing activity that goes on in the Windows file system. Open Task Manager and take a look at disk activity. There's always something being written somewhere. How would Windows know what is legitimate and what isn't? What criteria would it use? It can't tell whether binary data is encrypted, or just binary.

      Windows Defender has just such a warning. Whenever it pops up, it's always been warning me about something I knew I
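
The point raised in the comment above, that file contents alone do not separate encrypted data from ordinary binary data, shown as an added example (not part of the original thread). It measures per-byte Shannon entropy over constructed samples; `looks_encrypted`, the 7.5 bits/byte threshold, and the use of random bytes as a stand-in for ciphertext are assumptions of this example.

```python
import math
import os
import random
import zlib
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for constant data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(data: bytes, threshold: float = 7.5) -> bool:
    """Naive content-only check (hypothetical): flag near-maximal byte entropy."""
    return shannon_entropy(data) >= threshold

def build_samples() -> dict:
    """Constructed sample buffers; none of this is real user or malware data."""
    rng = random.Random(1)
    words = ["invoice", "backup", "server", "report", "quarterly", "payroll",
             "customer", "ledger", "meeting", "budget", "contract", "audit"]
    text = " ".join(rng.choices(words, k=20000)).encode()
    return {
        "plain text document": text,
        "same document, zlib-compressed": zlib.compress(text, 9),
        # Assumption: good ciphertext is statistically close to random bytes.
        "random bytes (stand-in for ciphertext)": os.urandom(len(text)),
    }

def report() -> dict:
    """Map each sample name to (entropy in bits/byte, flagged by the check)."""
    return {name: (round(shannon_entropy(buf), 2), looks_encrypted(buf))
            for name, buf in build_samples().items()}

if __name__ == "__main__":
    for name, (bits, flagged) in report().items():
        print(f"{name:40s} {bits:5.2f} bits/byte  flagged={flagged}")
```

Both the compressed document and the ciphertext stand-in are flagged, which is why a content-only check produces false positives on archives, media and other compressed formats.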

    • by mjwx ( 966435 )

      How hard is it to make a little popup that says "It looks like this program is trying to encrypt all the files on the server. I have stopped the process. Do you wish to continue?"

      User: "yes damn it, I want my Unicorn screensaver and tick tocks".

      Popups have done exactly fuck all for security as users have learned to dismiss them without even reading them.

  • by King_TJ ( 85913 ) on Thursday January 19, 2023 @05:05PM (#63222828) Journal

    Even with this big drop-off, you're still looking at insanely good chances of profiting from locking down a company's data and promising to unlock it again for a price.

    Honestly, I get how companies can get hit with ransomware. Some of the phishing emails that get past our O365 junk mail filters are really well-crafted. It's bad enough so when H.R. paid a firm to handle surveying a group of our managers via email to respond with customized training? Almost none of them took the survey. Instead, they marked it spam or suspicious and several of them put in trouble tickets asking us to block it company-wide! Our first-level help desk staff believed it was phishing mail too but escalated it to our group to make sure. That's when I realized the sender was an address I'd been specifically asked to whitelist, months earlier, by H.R.

    So absolutely ... a user can be tricked into opening something sneaky. These days, they're usually smart enough not to even try to attach the malware to the email itself. They just try to get you to visit a web page that tricks you into willingly installing it from there.

    The issue, though, is that sysadmins should be doing something to ensure regular backups are made (and usable!) of all the important data. If you feel you have to pay a hacker to unlock your stuff, then you failed at your job of backing up your data sufficiently.

    • by znrt ( 2424692 )

      Even with this big drop-off,

      if there is such at all. "chainalysis also said the actual totals could be much higher". let that sink in: "payments might be lower, but they could be higher as well". so they have no clue. more likely it's just another crypto intelligence fad business publishing colorful reports about how little clue they actually have, but still think you absolutely need their service.

    • by Corbets ( 169101 )

      It sounds like your colleagues are very well trained, actually. I’d rather far too many false reports of phishing emails than a single BEC success.

  • ...executives are finally realizing that good offline backups still have value?

    Hey, one can dream.

    • Yeah, I never quite understood how so many companies aren't prepared for this. A few years back one of my users being stupid let ransomware onto our network. It was annoying as heck, but really it just wasted time while things were restored from offline backups.
      • A shockingly large number of Fortune XXX enterprises are unprepared for this, even with all the high profile hacker wedgies that have been delivered to major enterprises to date. An air-gapped backup of all critical data is table stakes these days.

        • An air-gapped backup of all critical data is table stakes these days.

          Unless these conversations are tabled at the Board level, they certainly won't be tabled elsewhere.

          Why would CxOs want to "waste" money that is otherwise their executive bonus...
