ProPublica Study Discovers Most Hackers Get Paid Off in Bitcoin for Ransomware Demands (Up 89% in 2019)
- ProPublica reveals 89% increase from Q4 2018 to Q1 2019 in average ransomware payouts.
- Many recovery companies choose to pay out the hackers, though others still attempt to decrypt the data without paying.
Hackers in the tech industry are extremely clever, as shown by how many scams they have carried out over the last decade, especially against cryptocurrency. Ransomware is a type of software that often locks consumers and businesses out of their computers while the hackers demand a ransom to give back access. In a new study by ProPublica, researchers discovered that most solutions for this type of attack get rid of the hackers by giving them exactly what they want – a payout.
Coveware experts have found that ransomware activity has increased on a weekly basis. However, most companies either cannot afford the downtime or simply do not want to lose productivity, so they give in. Coveware now states that the attacks with this software have increased during the first quarter of the year by 89%.
During Q4 of 2018, the average ransom reported was $6,733, whereas in Q1 2019 the average ransom was $12,762. Coveware attributes this increase to more expensive types of ransomware, like Ryuk, Bitpaymer, and Iencrypt. These ransomware families are developed for the purpose of attacking “larger enterprise targets.”
After hackers manage to infect a computer or network of computers, the big issue for users is regaining access to their data. Recovery firms, as ProPublica found, will pay up, though they charge a premium for their services. The report states, “Proven Data promised to help ransomware victims by unlocking their data with the ‘latest technology,’ according to company emails and former clients. Instead, it obtained decryption tools from cyberattackers by paying ransoms, according to Storfer and an FBI affidavit obtained by ProPublica.”
MonsterCloud, a Florida-based company, has its own way of recovering data for victims: paying the ransom to the hackers, though it does not always tell the victims that it has done so. The company still charges its clients fees on top of the ransom amounts, since it offers services to further protect them against attacks in the future. When speaking to their victims-turned-clients, the actual employees of these companies usually use an alias for privacy protection.
All of this data from the research companies comes down to one fact – ransomware is making progress, and the public is suffering. Authorities recently hoped that these attacks would start dwindling after they indicted two Iranian hackers over their SamSam ransomware. Instead, the opposite happened – the attacks rose.
Many people believe that the rising levels of attacks are due to how lucrative ransomware has proven to be. These hackers get paid as a result of the negotiations that recovery companies make, so why wouldn’t they continue? Still, there are many companies that offer recovery options, and there are security researchers who have been working towards promoting free methods of recovery as well.
Still, the hacks are getting worse and worse. Coveware even admits that it has negotiated with a few of the scammers before, saying that negotiation is the simplest way to regain access to the data. However, whether intentionally or inadvertently, these negotiations effectively fund terrorism, and the progress in the development of ransomware has made it even harder to decrypt the hacked computers. It looks like the decryption processes have at least improved a little though, because Coveware reports that the downtime has decreased from 7.3 days to 6.2 days by Q4 2018.
The CEO of Coveware, Bill Siegel, says that this is not quite negotiating with “terrorists,” even though it seems that way. This year alone, the company has already negotiated in hundreds of cases, and there are so many different kinds of hackers with different demands.
Siegel clarified that, from what the company has found, most hackers “are relatively normal people that don’t have legal economic prospects that match their technical abilities.” He added that the people who tend to attack live outside the reach of the Western law enforcement that would act against them.
Coveware has a particular process for dealing with these hackers, starting with evaluating communication patterns. Since so few groups of threat actors are active in the industry simultaneously, it is pretty easy for the company to identify them. The company uses multiple tactics to create its own negotiation strategy, which is customized to its clients. Apart from the communication that is required to negotiate on behalf of the client, Coveware doesn’t continue interacting with the hackers.
MonsterCloud’s Zohar Pinhasi has said that his company uses both recovery and ransom payouts to reclaim access to the data. However, the choice of which method to use is discussed beforehand with the client, and the company is actually a cyber security company rather than a data recovery company. Furthermore, if MonsterCloud is unable to recover the data of its client, the services are subject to a money-back guarantee.
No one likes losing out on money that they did not have to sacrifice in the first place, but it is a better alternative than losing access to computer data forever.