Billion-dollar business
According to data from research firm Chainalysis, publicly disclosed ransom payments nearly doubled in 2023, surpassing the $1 billion mark, making last year a landmark year for the return of internet extortion.
The actual figure is certainly much higher, as not all victims publicly disclose incidents. However, the rare bright spot is that ransom payments have been decreasing as the year has gone on, a result of efforts to improve cyber defenses and increased awareness among victims that hackers keep their promises to delete or return stolen data.
Record ransom
While more and more victims of ransomware are refusing to pay ransoms, cybercriminal gangs have made up for the decline by increasing the number of victims they target.
Take the MOVEit hack, for example, where the Clop ransomware group exploited a series of previously unknown vulnerabilities in the widely used MOVEit Transfer software to steal data from the systems of more than 2,700 victims. Many organizations had to pay ransoms to prevent the group from publishing sensitive data.
Chainalysis estimates that the Clop group has collected more than $100 million in ransom, accounting for nearly half of the total value of ransomware attacks in June and July 2023.
Then, in September, casino and entertainment giant Caesars paid about $15 million to prevent hackers from making customer data public. Notably, the attack on Caesars in August went unreported.
MGM Resorts, a large resort hotel group, also had to spend more than $100 million to "recover" after refusing to pay the ransom. MGM's refusal to pay led to sensitive customer data being leaked online, including names, social security numbers and passport details.
Increased risk
For many organizations like Caesars, paying the ransom is an easier option than dealing with a PR crisis. But as victims increasingly refuse to pay, cybercriminal gangs are resorting to more extreme tactics.
For example, hackers targeted a hospital treating cancer patients last December. In a more sophisticated move, the Alphv hacker group (also known as BlackCat) used the US government's cyber incident disclosure regulations to blackmail MeridianLink, accusing the company of failing to report a "significant breach of customer data and operational information."
To ban or not to ban paying ransom?
Coveware, a company that specializes in handling cyber extortion cases, assessed that if the US or any other country issued a ban on paying ransoms, companies would almost certainly stop reporting incidents to authorities, reversing the process of cooperation between victim organizations and law enforcement agencies. Not only that, the ban policy would facilitate the market for illegal ransom payments.
Meanwhile, some industry experts believe that banning companies from paying hackers will be a long-term solution, even though it may increase malware attacks in the short term.
Allan Liska, a threat analyst at Recorded Future, said that as long as ransom payments remain legal, the practice will continue. “I used to be against the idea of banning ransom payments, but things are changing,” Liska said. “Extortion is on the rise, not just in terms of the number of attacks, but also the nature of the attacks and the gangs behind them.”
(According to TechCrunch)