Unless you have been living under a rock, you should have realized by now that the internet is by no means a safe place. Ransomware attacks might be old as gold but they are still going viral. Believe it or not (irony here), ransomware attacks and cryptocurrencies have formed an outstanding pair in recent years.
Ransomware analytics firm Coveware, recently discovered that in Q1 2019 alone, the number of cryptocurrency payments made to attackers rose by the staggering 90 %, compared to Q4 2018. On average, the bad guys received $12,762 in crypto per day. In contrast, in the previous quarter, the daily payments were almost twice down - $6,733. According to Coverware, fancy and intelligent viruses are to blame.
Unsurprisingly, it is Bitcoin that dominates the trend. As much as 98% of all payments were made in BTC, as almost none of the attacks asks ransom in another form of digital money. Since Coveware receives hundreds of ransomware complaints, it has gathered just enough data to conduct its analysis. It turns out that one single attack is responsible for the 90% increase – Ruyk. Unlike other ransomware that cost less than $10,000 per attack, Ruyk demands $288,000.
“The ransom increase reflects increased infections of more expensive types of ransomware such as Ryuk, Bitpaymer, and Iencrypt. These types of ransomware are predominantly used in bespoke targeted attacks on larger enterprise targets.“
However, Ruyk is not the most popular ransomware as GrandCrab and Dharma lead the race.
“The 3 most common types (Dharma, Ryuk, and GandCrab) are unique in their distribution methods, targets, and costs. Dharma continued to be operated by an increasing number of technically unsophisticated groups, which depressed data recovery rates despite rising ransom amounts. Ryuk continued to target larger enterprises and shock victims with egregious ransom demands. GandCrab continued to innovate distribution channels, with the developers bundling it with new and popular exploit kits,” the report reads.
What they have in common is their modus operandi. The malicious software locks out crucial data on the victims' computers, thus making it inaccessible. Supposedly, once the ransom is paid, the data becomes accessible again.
Read the full article