Posted on February 1, 2023 at 8:07 AM
Hackers walk away with $70M Bitcoin in ransomware attacks
Immunefi recently published a report on the types of payments used in ransomware attacks. The report showed that threat actors were taking payments in cryptocurrencies such as Bitcoin. The data shows that 98% of the ransomware payments are demanded to be paid in Bitcoin.
Ransomware hackers walk away with $70M in Bitcoin
Ransomware attacks have become increasingly popular over the past year. In these attacks, the threat actors encrypt a network or a device. They later ask for payment from the individual or organization to relinquish control.
While authorities usually urge firms not to pay the ransom, most prefer to part with the payments because the encryption can cripple their operations. CAN Financial made the largest ransomware payment of $40 million to a threat actor group based in Russia to have their system freed from a malware attack.
Russian threat actor groups are notorious for ransomware attacks. JBS, a global food company, was also targeted by a ransomware attack from a threat actor group operating from Russia. The food company was forced to pay $11 million to the hackers so that they would regain control of their systems.
The other large payment paid in a ransomware attack was by CWT, a travel group located in Minneapolis. Brenntag, a chemical distribution firm, was also targeted by a ransomware attack, with the two companies paying out $4.5 million to the attackers. A different kind of ransomware hit these four companies.
According to the Immunefi report, out of the top ten ransom payments, $70 million was made in Bitcoin. Cryptocurrencies have become a preferred payment method in ransomware attacks because of their private nature. However, given that blockchain transactions are public on the blockchain, the hackers might use other methods, such as crypto mixers and privacy coins, to conceal their activity.
Large organizations are the most affected by ransomware attacks. These organizations usually face severe system disruption whenever their systems are targeted by ransomware attacks, which makes them more likely to make the payment. The report further showed that most ransomware attacks were conducted by hacking groups based in Russia and North Korea.
All the ransomware attacks included in the Immunefi report were paid out in Bitcoin. Bitcoin payments amounted to $69,316,140. The hackers could be looking towards using Bitcoin to settle such large amounts because it is not as challenging as it would be in the traditional financial system.
In the traditional banking system, moving large amounts of funds is challenging. However, with Bitcoin, its decentralized, accessible, and anonymous nature makes it a better means of payment for these hacking groups. Bitcoin payments currently account for 98% of all ransomware payments.
Companies are refusing to pay ransomware
When hackers target organizations with ransomware attacks, they hope these companies will need access to their private data and make the demanded ransomware payment. However, in some cases, some companies refuse to pay for the ransomware and choose to work with law enforcement authorities and cybersecurity companies to restore their systems.
A recent report by Chainalysis revealed that more victims of ransomware attacks were refusing to settle payments with the hackers. While the number of ransomware attacks has remained the same, the likelihood of payments being made has dropped.
According to the Tech Lead of the triaging team at Immunefi, Adrian Hetman, there is a likelihood that the threat actor groups could use a different strain of ransomware that will become harder to contain and force companies to make the demanded ransom payment.
“What has fallen is the number of payments that companies are making. We’ve seen a massive drop of ransomware payments since 2019. However, we may potentially see new strains of ransomware appearing in the wild or the creation of new RaaS [Ransomware as a Service] services,” Hetman said.
He further added that it is always impossible to predict what cybercriminals will be up to next as they operate in an evolving ecosystem. Therefore, individuals and organizations should remain proactive to mitigate the future threat of cybersecurity attacks.
There are numerous strategies that companies can adopt to avoid falling victim to ransomware attacks. However, the most common strategies include installing up-to-date antivirus software and remaining vigilant against phishing campaigns. It is also crucial that an organization maintains a backup of all its crucial information.