Tag Archive for: payments

Ransomware in Q1 2024: Frequency, size of payments trending downwards, SMBs beware!


More organizations hit by ransomware gangs are starting to realize that it doesn’t pay to pay up: “In Q1 2024, the proportion of victims that chose to pay touched a new record low of 28%,” ransomware incident response firm Coveware has found.


Victim organizations are increasingly able to withstand an encryption attack and restore operations without the need for a decryption key, they said, and the stolen data is often leaked or traded even after the victims have paid the ransom, which repeatedly proves that paying up is no guarantee.

“LockBit was found to still be holding the stolen data of victims that had paid a ransom, and we have also seen prior Hive victims that had paid the extortion, have their data posted on the Hunters International leak site (a reboot / rebrand of Hive),” the company said, noting that “future victims of data exfiltration extortion are getting more evidence daily that payments to suppress leaks have little efficacy in the short and long term.”

Recent events are changing the ransomware ecosystem

With the disruption (temporary or otherwise) of big players like LockBit and Alphv/Blackcat and their attempts to cheat their affiliates of their due share for a successful attack, many affiliates have started searching for a safer port in the storm, and smaller ransomware-as-a-service (RaaS) groups are trying to entice them to join their network.

GuidePoint researchers have recently advised ransomware victims (mostly small and medium-sized businesses) to think twice before paying off smaller/immature RaaS groups as they:

  • Have less to lose if they don’t keep their word
  • Often exaggerate their claims
  • Often re-extort their victims.

Sophos X-Ops has also discovered 19 cheap, crudely constructed ransomware variants that are being sold primarily on dark web forums to wannabe cybercriminals that want to avoid sharing their profits with (and getting ripped off by) RaaS gangs.

“These types of ransomware variants aren’t going to command the million-dollar ransoms like Cl0p and Lockbit but they can indeed be effective against SMBs, and for many attackers beginning their ‘careers,’ that’s enough,” says Christopher Budd, Sophos’…


What if we made ransomware payments illegal?


The September 2023 ransomware attacks against Las Vegas casinos are a great opportunity to examine the challenges enterprises face when they are attacked by ransomware.

In a sort of “Choose Your Own Adventure” version of addressing the problem, while Caesars reportedly paid a $15 million ransom to the perpetrators (Scattered Spider) and quickly returned to normal operations, MGM chose not to pay the same group when they were attacked. MGM’s choice, while aligned with the U.S. Government’s stance on ransomware payments, resulted in 10+ days of impact to MGM that generated a reported loss of $100 million.

It doesn’t take a math whiz to realize that the choice Caesars made was $85 million less expensive than the route MGM took, and that’s before accounting for whatever losses were covered by their cyber insurance policy.

With that in mind, why does the federal government still strongly advise against paying the ransom? Answer: The government (FBI) focuses on the big picture, not any single event. Paying ransom addresses an immediate problem, while not paying ransom exponentially increases the immediate pain. The former focuses on one’s own needs as a company or security practitioner, while the latter requires accepting the consequences of upholding a policy that’s in everyone’s best interest.

The divergent responses to the casino attacks demonstrated that not everyone will accept a bigger loss to uphold a greater good. We can’t expect to address that through volunteerism, particularly when quarterly profits are the most important metric for profit-making companies. The leaders get paid for meeting that metric. When our eyes are focused on short-term goals, long-term needs are subordinated, and business leaders don’t willingly make decisions that require them to suffer for the benefit of others.

Since cybercriminals are motivated almost exclusively by money, if they know organizations are willing to pay ransom to regain access to their systems and data – even without guarantees the criminals will deliver on those promises – they have a perpetually strong business model. When we also consider that there are at least 100 active ransomware gangs ranging from…


Former NCSC chief calls for ransomware payments ban, but cyber security experts aren’t keen


The former chief executive of the UK’s National Cyber Security Centre (NCSC) has called for the government to ban organizations from making ransomware payments.

Writing in The Times, Ciaran Martin, who served as the NCSC’s inaugural chief executive, suggested a ban could help put a stop to the ever-increasing proliferation of ransomware, referring to the ‘apparently sanguine attitude’ of British policymakers to cyber criminal groups.


Ransomware attack on UnitedHealth hits provider payments


A weeklong ransomware attack on key units of the UnitedHealth Group is leaving healthcare providers across the United States struggling to process payments.

According to the American Hospital Association, large hospital chains and smaller-level providers have been locked out of processing payments. Although large systems have been able to absorb the blow financially, smaller providers are already beginning to run low on cash as they take on the costs of being unable to collect from patients.

The UnitedHealth Group is one of the largest health benefits organizations in the United States, directly insuring over 27 million Americans in individual and employer plans, as well as nearly 14 million seniors on Medicare with private supplemental coverage.

UnitedHealth’s Change Healthcare, a critical linchpin for processing payments and revenue cycle management for UnitedHealth, has been incapacitated for more than a week after a hacker gained access to the network.

The attack has also thwarted prescription refills and renewals for pharmacies across the U.S., ranging from small independent firms to larger entities like Walgreens.

“This attack is not only on Change Healthcare but is an attack on the entire health care sector that depends upon the availability of Change healthcare services technology,” said the AHA’s national adviser for cybersecurity and risk, John Riggi.

The source of the attack and the actors responsible have not been officially identified.

A filing with the Securities and Exchange Commission from last week indicates that UnitedHealth “identified a suspected-nation-state associated cyber security threat actor” that entered the information technology system on Feb. 21.

Sources close to the matter, however, reported to Reuters this week that a criminal gang known as “Blackcat” or “ALPHV” may be responsible for the attack. Blackcat reportedly did not respond to Reuters’ request for comment.

Organizations that experience high-impact ransomware attacks can take several months to fully restore capacity, according to Riggi.


Although patients should not experience disruptions to care, the cash flow upholding…
