By Bill Minahan | July 10, 2019 | 0 Comments
Ransomware attacks have been on the rise since 2013. There are now over 500 families of ransomware and almost all of them demand payment in Bitcoin.
Bitcoin provides a secure and anonymous payment method that cybercriminals can use to extort large sums of money from companies and governments alike. Like many other technologies, Bitcoin has many legitimate uses but has nonetheless given cybercriminals an easy, cost-efficient, and safe way for their illicit activity to go untracked. These factors, indirectly produced by Bitcoin, fuel the incentive for ransomware attacks.
In the last few months alone, cities in half a dozen states across the U.S. were attacked by ransomware that demanded large sums of money in Bitcoin.
In June 2019, ransomware attacks hit three Florida municipalities—Key Biscayne, Lake City, and Riviera Beach. Lake City paid 42 Bitcoin (almost $500,000) and Riviera Beach paid 65 Bitcoin ($600,000) to hackers. The hackers restored their files after payment, but this isn’t always the case in every ransomware attack.
Hackers frequently fail to restore access to an organizations’ data even after they pay the ransom. Furthermore, sometimes it puts a target on their back for other hackers to extort money.
Lake City mayor Stephen Witt told a local news station “I would’ve never dreamed this could’ve happened, especially in a small town like this.”
Other cities, such as Baltimore, refused to pay the ransom but sill paid a hefty cost to disinfect their systems. Baltimore’s budget office estimates the ransomware attack to cost at least $18.2 million in the coming year—a combination of restoring data and lost revenue.
After the attack, Baltimore shut down daily operations, critical city services, and inconvenienced thousands of residents for weeks.
In one report Charles Carmakal, CTO of FireEye Mandiant, raised concern about general public safety during cyber attacks on local governments.
“Hackers have been able to encrypt systems and encrypt data that are essentially critical to these cities,” Carmakal said. “If people call 911 and can’t get ahold of them, it could potentially kill people.”
Municipals and other industries, such as healthcare, are often targeted because of their outdated systems, lack of security, and willingness to pay the ransom. It can depend on the value of the data encrypted and the potential loss of revenue.
Hackers were extorting money from individuals and companies long before crypto-currencies such as bitcoin. However, early hackers used traditional means such as pick up locations and the postal service to retrieve their payments. Later, they used third-party services such as PayPal and Western Union to wire money.
But they all had something in common: a paper trail law enforcement could follow.
Bitcoin fuels ransomware attacks because it allows cyber criminals to change their addresses over and over again for each online extortion. Companies can directly pay hackers the ransom with no loose ends.
Bitcoin allows hackers from all over the world to attack companies and governments and receive secure payments. Hackers have more incentive to demand higher payments because law enforcement can’t track or reprimand them.
The FBI’s official recommendation is to not pay when hit with ransomware. However, as Baltimore proved this spring, it can be far more costly to not pay. Each company and attack face a different set of dilemmas when deciding whether to pay.
The best thing companies can do today is to be aware of their weaknesses, prepared in their protocols, and proactive in their defense. If you are hit, seek consult from cyber security professionals who can accurately determine the extent of the threat.