
Study Finds Most Ransomware Solutions Just Pay Out Crypto

coindesk

1yr ago

A study by ProPublica found that most ransomware solutions providers have one weird trick for getting rid of hackers – paying them off.

Ransomware activity is growing weekly according to experts at CoveWare. The result? Companies who just want to pay the ransom and move on.

According to CoveWare, ransomware attacks were up in Q1 2019:

In Q1 of 2019, the average ransom increased by 89% to $12,762, as compared to $6,733 in Q4 of 2018. The ransom increase reflects increased infections of more expensive types of ransomware such as Ryuk, Bitpaymer, and Iencrypt. These types of ransomware are predominantly used in bespoke targeted attacks on larger enterprise targets.

Once hackers encrypt an infected computer, however, the real question is how to unlock your data. ProPublica found that many data recovery firms simply pay the ransom and then charge a premium for their trouble.

Proven Data promised to help ransomware victims by unlocking their data with the “latest technology,” according to company emails and former clients. Instead, it obtained decryption tools from cyberattackers by paying ransoms, according to Storfer and an FBI affidavit obtained by ProPublica.

Another U.S. company, Florida-based MonsterCloud, also professes to use its own data recovery methods but instead pays ransoms, sometimes without informing victims such as local law enforcement agencies, ProPublica has found. The firms are alike in other ways. Both charge victims substantial fees on top of the ransom amounts. They also offer other services, such as sealing breaches to protect against future attacks. Both firms have used aliases for their workers, rather than real names, in communicating with victims.

Ransomware is getting worse.

After the US Attorney General traced and indicted two Iranian hackers for releasing ransomware called SamSam, authorities hoped the prevalence of attacks would fall. Instead, it rose, beating 2018 levels considerably.

The reason, many believe, is that ransomware is so lucrative. Hackers can launch an attack and then, when the victims discover the hack, they negotiate briefly with companies like MonsterCloud and others to unlock the computers. However, many of these companies offer recovery methods, and many security researchers work on free methods, such as one for the popular WannaCry ransomware.

Unfortunately, the hacks are getting worse and the software necessary is getting more complex.

CoveWare admits to actually negotiating with scammers. They’ve found it to be one of the simplest methods for getting data back. The concern, however, is that these efforts are inadvertently funding terrorism. Further, they write, it is taking longer to decrypt hacked computers, thanks to new versions of the ransomware. In Q1 2019, wrote CoveWare, the “average downtime increased to 7.3 days, from 6.2 days in Q4 of 2018.”

CoveWare CEO Bill Siegel has found that the average ransomware recovery isn’t really a negotiation with “terrorists” as US Government officials believe. They’ve negotiated a “few hundred” ransomware cases this year and find that each hacker is different and often just frustrated.

“Our sense based on our study of the industry and experience is that the vast vast majority are relatively normal people that don’t have legal economic prospects that match their technical abilities,” Siegel said. “They also live in parts of the world that are beyond the jurisdiction of Western law enforcement, and are ambivalent about stealing from the West.”

Their process for talking with the hackers is also quite precise.

“We study their communications patterns so that we can build up a database of experience. There is a surprisingly small group of threat actors that are active at any given time, so identifying them is relatively straightforward. From there, we have scripts and tactics that we have honed over our experience. We draw on those to develop a negotiation strategy on behalf of our client. We know the hackers based on the profile and patterns they exhaust. We don’t communicate with them outside of representing our clients in a negotiation. All of the data exhaust we create from our cases is provided to law enforcement on a quarterly basis as well.”

Zohar Pinhasi of MonsterCloud said his company worked hard to use both methods – recovery and ransom.

The recovery process varies from case to case depending on the scope and nature of the cyber attack. Our methods for achieving data recovery and protection are the product of years of technical experience and expertise and we do not disclose the process to the public or to our customers. That is communicated clearly up front. However, what I can tell you is that we are a cyber security company, not a data recovery company. We have vast knowledge and experience dealing with these criminals, and we spend countless hours staying atop their evolving methods in order to provide our clients with protections against all future attackers, not just the one infiltrating their data at the time they come to us. We offer a money back guarantee to any client if we are unable to recover their data, and to date we have not had a single client report a follow-up attack from the same criminals or any other attacker.

While sending a few thousand BTC to a strange address might not sit well with many victims, it still looks like the best way to reduce downtimes. After all, it’s the organization’s fault for catching the ransomware bug in the first place. Prevention, as they say, is often better than the cure.
