Tag Archive for: Victims

Ransomware victims increasingly refuse to pay


Victims of ransomware attacks are less likely to pay cybercriminals to release encrypted or stolen data, according to Coveware research published in a quarterly report.

The researchers state that in the first quarter of 2024, 28 percent of companies affected by ransomware paid the requested ransom, compared to 29 percent in the last quarter of 2023.

Companies are paying less because they protect themselves more against these attacks. They are also increasingly able to perform recovery operations themselves and, consequently, are less dependent on a decryption key.

In addition, companies are increasingly being legally forced not to give in to ransomware criminals. For example, the state of Florida in the U.S. prohibits responding to ransomware attacks, as does Australia.

Furthermore, companies often do not pay because cybercriminals don’t keep their end of the agreement anyway. For example, they publish or otherwise trade the stolen data after payment despite promising not to do so.

Line chart of quarterly ransom payments showing two trends, average payment and median ransom, marked by different lines, with a dramatic spike in the last quarter shown.

The average amount of demanded ransom drops

The average ransom price in the past first quarter was $382,000 (358,000 euros), down 32 percent from the previous quarter. However, the median was 25 percent higher at $250,000.

Chart showing the decline in the number of ransomware payment resolutions between 2019 and 2023, with percentages per year.

According to the Coveware research, the average ransom price is falling partly because criminals recognise they can no longer charge astronomical sums that companies cannot cough up anyway. As a result, criminals are now switching more frequently to asking for more reasonable ransom amounts.

The study states that the drop in ransom prices could be due to fewer ‘high-value’ targets willing to be extorted and, therefore, pay ransoms.

The researchers state that ransomware is still a significant threat and that more than $1.1 billion in ransoms was still paid last year.


Ransomware groups and attack vectors

Coveware also examined the most popular perpetrators of ransomware attacks in the first quarter of this year. The Akira group was the top perpetrator, followed by Black Basta and LockBit 3.0 in joint second place. LockBit 3.0 took a…


94% of Ransomware Victims Have Their Backups Targeted


Organisations that have backed up their sensitive data may believe they are relatively safe from ransomware attacks; however, this is not the case based on findings from a new study from IT security company Sophos. The report showed that cybercriminals attempted to compromise the backups of 94% of companies hit by ransomware in the past year.

Attackers are aware that those who fall victim to ransomware must choose to either pay the ransom or recover their now-encrypted systems from a backup. To put more pressure on decision-makers to pay up, it is becoming more common for them to target the duplicated data as well as the production data. Indeed, the report showed the victim is almost twice as likely to pay up if their backup is compromised, and recovery from the attack is eight times more expensive.

The Sophos research revealed the extent of the popularity and effectiveness of ransomware groups targeting corporate backups (Figure A).

Figure A

Percentage of ransomware victims that paid the ransom to recover their data from cyber criminals. Image: Sophos


How much does it cost to recover from a ransomware attack on the backup?

The Sophos research found that the median ransom demand for organisations whose backups are compromised is $2.3 million (£1.8 million) (Figure B). When the backup is not compromised, the median ransom demand is $1 million (£790k), as the attacker has less leverage.

Figure B

The median ransom demanded by cyber criminals when they have access or don’t have access to their victim’s backups. Image: Sophos

“Ransomware-led outages frequently have a considerable impact on day-to-day business transactions while the task of restoring IT systems is often complex and expensive,” Sally Adam, the senior director of marketing at Sophos, wrote in the report.

Companies without compromised backups are also more likely to be able to negotiate the ransom payment down, paying out an average of 82% of the initial demand. Those whose backups are compromised will pay 98% of the demanded sum, on average.

The total cost of a ransomware attack is often more than just the ransom, as it incorporates the…


U.S. still finding victims of advanced China-linked hacking campaign, NSA official says


The U.S. is still identifying victims targeted by an extensive China-backed hacking campaign that became the subject of a recent FBI takedown operation and other advisories from officials over the past year, a top NSA cyber official said.

Rob Joyce, the agency’s outgoing cybersecurity director, said on Friday that the U.S. is still finding victims of the Volt Typhoon hacking collective that’s been latching onto critical infrastructure through compromised equipment including internet routers and cameras, and that NSA is not yet done with efforts to eradicate such threats.

The clandestine activities, which are said to be backed by the Chinese government, have allowed the hackers to conceal their intrusions into U.S. and foreign allies’ systems for at least five years, officials have previously said. 

The FBI in January announced it had jettisoned a significant portion of the group’s operations from compromised equipment it had burrowed into. These claims were subsequently affirmed by analysis from the private sector. But Friday’s remarks indicate there is still a way to go before Volt Typhoon is completely eradicated from U.S. networks.

Joyce, who was speaking to a group of reporters, declined to give a precise account of how many victims were remaining, but said the Chinese cyberspies are using tradecraft that’s difficult to uncover because of its reliance on stolen administrator credentials which allow them to more easily mask exploits.

The Volt Typhoon group has been carrying out “station keeping” activities, in an effort to preposition themselves to take down key infrastructure like transportation networks, he said. As for when the dismantling order would come down from Chinese authorities, the agency assesses it would be a “pretty high bar” reserved for major conflict like a possible Chinese invasion of Taiwan, he said.

The Volt Typhoon hackers have been using “living off the land techniques” that allow them to hide inside systems and bypass detection, previous U.S. reports said, noting that they have breached American facilities in Guam, as well as other key infrastructure in facilities both inside and outside the U.S.

Joyce added that NSA has been able to…


LockBit 3.0 Ransomware Attack Hits Again: Adds 2 New Victims


The nefarious LockBit 3.0 ransomware group has struck once again, targeting unsuspecting victims in their latest wave of attacks. The most recent victims to fall prey to the LockBit 3.0 ransomware attack are MMI Culinary Services and Caribbean Radiation Oncology Centre.

The authenticity of the LockBit group’s claims regarding the cyberattack on MMI Culinary Services and Caribbean Radiation Oncology Centre remains shrouded in uncertainty.

What We Know About This LockBit 3.0 Cyberattack

Despite assertions of successful infiltration and data compromise, the official websites of the targeted companies appear to be fully operational, casting doubt on the veracity of the cybercriminals’ boasts.

The Cyber Express Team has tried to substantiate LockBit 3.0 ransomware attack claims by reaching out to company officials for clarification. However, as of the time of this report, no response has been forthcoming, leaving the LockBit 3.0 ransomware attack claim unverified.

MMI Culinary Services, based in Louisiana and established in 1986, has evolved from a modest catering business specializing in Cajun-style seafood boils to a leading manufacturing company renowned for its “kettle-cooked” foods.

On the other hand, the Caribbean Radiation Oncology Centre, located in Guaynabo, Puerto Rico, has been providing cutting-edge cancer diagnosis and treatment services since its inception in 2007, earning a reputation as one of the region’s premier medical facilities for advanced oncological radiation technology.

Repercussions of Cyberattack on Targeted Firms

The repercussions of the cyberattack on MMI Culinary Services and Caribbean Radiation Oncology Center, if proven true, could extend far beyond immediate financial losses.

These attacks have the potential to compromise highly sensitive data, ranging from proprietary recipes and manufacturing processes to patients’ medical records and treatment protocols.

For MMI Culinary Services, a breach could not only result in the loss of valuable intellectual property but also undermine customer trust and confidence in the safety and quality of their products.

Similarly, for Caribbean Radiation Oncology Center, the exposure of patient data could…
