Wednesday, February 12th 2020
Cybersecurity in 2019: Ransomware up 41% in the US Alone, Average Decryption Price in December 2019 set at $190,946
A Report via the New York Times paints an increasingly challenging picture for security specialists, technology users and businesses. Security firm Emsisoft reported a 41% increase in ransomware attacks in 2019 (in the US) compared to the previous year (up to 205,280 distinct attacks). The advent of cryptocurrencies with built-in anonimity, such as Monero, have become the favored extortion method employed by wrongdoers, shielding them from the usual checks and balances of the banking system. And with increasingly complex tools in the hands of hackers, plus the advantage of first strike new attacks enjoy, ransomware is becoming harder and harder to battle. According to the New York Times, citing security firm Coveware, the average payment for file decryption in 2019 rose to $84,116 in the Q4 2019, double what it was just in Q3. And in the last month of the year, the average decryption payment jumped more than twofold to $190,946.
Ransomware works by deploying a payload on a users' system that then proceeds to selectively (or wholly) encrypt the data found on the machine's storage drives. Then a cryptocurrency address is shown to the affected user, alongside an instructional message on how to proceed. Of course, payment of the required ransom doesn't always lead to a recovery of the data - as in all criminal dwellings, chances are users both lose their data (which can always be sold to third parties) and money. And there's always another factor to consider: that of lost operations, and thus opportunities at revenue, for companies, or the indirect consequences and costs derived from meddling with systems as fragile as public health and taxation systems. The city of Baltimore, for example, was a very high profile victim of a ransomware attack which saw around 10,000 government computers being locked down, with an estimated cost set at $18 million. The full potential cost of these attacks on US soil alone is estimated at $7.5 billion, with major targets being healthcare providers (764 instances), state and municipal agencies (113 instances) and universities (89 in total, with an estimated 1,233 individual schools potentially affected).
The Emsisoft report is a very interesting read into the consequences of ransomware on today's globalized society and (sometimes for the best, other times, for the worst) tight-knit, interacting systems. Below you'll find a list of actual consequences from a number of ransomware attacks across various sectors, but you can find the full report in the source link.
Sources:
Emsisoft, via TechSpot
The Emsisoft report is a very interesting read into the consequences of ransomware on today's globalized society and (sometimes for the best, other times, for the worst) tight-knit, interacting systems. Below you'll find a list of actual consequences from a number of ransomware attacks across various sectors, but you can find the full report in the source link.
- Emergency patients had to be redirected to other hospitals.
- Medical records were inaccessible and, in some cases, permanently lost.
- Surgical procedures were canceled, tests were postponed and admissions halted.
- 911 services were interrupted.
- Dispatch centres had to rely on printed maps and paper logs to keep track of emergency responders in the field.
- Police were locked out of background check systems and unable to access details about criminal histories or active warrants.
- Surveillance systems went offline.
- Badge scanners and building access systems ceased to work.
- Jail doors could not be remotely opened.
- Schools could not access data about students' medications or allergies.
27 Comments on Cybersecurity in 2019: Ransomware up 41% in the US Alone, Average Decryption Price in December 2019 set at $190,946
nltimes.nl/2020/01/24/maastricht-univ-paid-eu250k-ransomware-hackers-report
Governments does not seam to treat this as Terrorism, an attack on the infrastructure of the society, and that is a major problem.
These guys are getting bolder each year and are attacking more and more critical infrastructure in our society like hospitals, transportation and energy facility's etc etc
Bet you lot of the money goes straight in to real terror organizations to finance training, weapons and planing new attacks.
As it is now they operate with minimal risk getting caught. Brand them as terrorist's and start taking them out with drones.
Mostly small businesses, and the only thing I see in common, is that all of these retards decided to save a little money by using pirated software.
Few in TPU care of the AV threads here are any indication but no doubt the web is the Wild West and its a scary place when you look at the logs. RDP brute forces for days.
I'm not saying the stated facts are wrong, they still could be, it would be refreshing to see confirmation on such scare tactics. On the other hand, my tin foil hat might be too tight atm.
Definitely not a scare tactic.
www.nola.com/news/politics/article_7d22e948-3e31-11ea-98bc-9b69342bc6a8.amp.html
www.forbes.com/sites/daveywinder/2019/12/14/new-orleans-declares-state-of-emergency-following-cyber-attack/#cb02dd46a055
abcnews.go.com/US/orleans-city-government-hit-cyberattack/story?id=67731695
It's even more deserved when you realize the main culprit is windows. Imagine paying licenses for windows and office, then in combination with your expanded stupidity of poor security software, you shutdown the city lol.
Gee, could have just used Linux and solved 99% of the security holes while saving millions.
I have more faith in some of the users here than the sysadmins of instagram when it comes to machine security. Thats saying alot, since some on this vary forum think machine security is some kind of corporate plot to make money.
A fun story, my neighbor was scammed by a guy who asked her to buy gold and mail it to him in a standard package, promising an "incredible investment opportunity". She did it, because she's an ignorant old lady who believes Facebook is real, and the guy was convincing. People who install ransomware on a work computer because the email promised them cute kittens are of the same type.
My argument is the same here, yeah it won't fix the problem, but it will reduce the amount overall, allowing law enforcement to do their job easier. Also, that other stuff you mentioned isn't fully ANON like some cryptocurrency is. You should take a stats class, perspective of ratios and percentages is important.
However, none of it really matters. Climate Change, whether caused by humans or not, is going to destroy us within 30 years with mass displacement.This is also makes a lot of sense, I agree.
With principle like Qubes OS (fedora spinoff) is working (each app as a separate VM), even if one cube compromises, the app itself is hard isolated from the core. It ain't that bad with Linux... there are serious people handling it too.