By analyzing bitcoin wallets and ransom notes, the FBI has determined that cybercrime victims paid over $140m to ransomware operators over the past six years.
At this year’s RSA security conference, FBI Special Agent Joel DeCapua presented in his findings during two sessions in which he explained how he was able to use bitcoin wallets and ransom notes collected by the FBI, shared by private partners or found on VirusTotal to figure out how much victims paid in ransom payments.
According to DeCapua, between October 2013 and November 2019, approximately $144,350,000 was paid in bitcoins to ransomware actors. However, this figure does not include operation costs related to these attacks but just the ransom payments that were made.
- New York wants to ban paying ransomware demands
- Donald Trump ransomware spreads dangerous malware
- FBI warns that hackers are targeting software supply chain providers
When it came to the most profitable ransomware families, Ryuk brought in the most money for ransomware operators at $61.26m followed by Crysis/Dharma at $24.48m and Bitpaymer at $8.04m. It’s worth noting that the actual amount of payments made over these six years is likely much higher as the FBI does not have access to all of the data surrounding ransomware attacks, as many businesses keep them secret to prevent hurting their stock prices.
Defending against ransomware
During his sessions at RSA, DeCapua also provided some tips on how companies and individuals can avoid falling victim to ransomware attacks.
DeCapua revealed that the Windows Remote Desktop Protocol (RDP) is the most common method that ransomware attackers are able to gain access to a network before deploying ransomware. In fact, RDP accounts for 70-80 percent of network breaches which is why he recommends that organizations use Network Level Authentication (NLA) for additional protection.
With NLA, clients are required to authenticate themselves with the network before they can actually connect to the remote desktop server. This provides increased security against preauthentication exploits though, DeCapua also suggested that unique and complex passwords should be used for RDP accounts.
Additionally, DeCapua suggests that businesses and individuals be careful of phishing attacks, install software and operating system updates, use complex passwords, monitor their networks and have a contingency plan with backups to prevent falling victim to a ransomware attack.
- We’ve also highlighted the best antivirus software