The FBI issued warnings last year over the rise in popularity of Bitcoin ransomware, and a few days ago the law enforcement agency reached out to companies requesting assistance to help it tackle the threat from the latest ransomware variants, just days before the malicious software was used on MedStar Health System.
Over the last few weeks a number of healthcare institutions have reported being attacked with ransomware, and there is no telling how many companies have had corporate and customer data encrypted by attackers. Many do not like to advertise the fact they have been attacked.
While attacks on individuals only result in relatively small ransoms being paid, the same cannot be said for companies. Ransom demands of tens of thousands of dollars are issued, and many companies feel they have little alternative but to pay the ransom demand in order to recover their data.
Unfortunately for enterprises, the threat from Bitcoin ransomware is unlikely to go away any time soon. More cybercriminals are getting in on the act and attacks will continue as long as they prove to be profitable. The bad news is Bitcoin ransomware is very effective. Worse still, attacks require little technical skill and cost very little to pull off.
Bitcoin Ransomware Kits Mean Little Skill is Required to Pull Off a Successful Attack
According to a report in the Italian newspaper La Stampa, the cost of conducting a ransomware attack can be shockingly low and requires little in the way of skill. One reporter at the newspaper set out to discover just how easy it is to buy ransomware and conduct an attack. After visiting underground forums on the darknet, the researcher found a board where ransomware-as-a-service was being offered.
One poster on a Russian forum was not only offering ransomware for sale, but made it exceptionally easy for would-be cybercriminals to conduct campaigns. The purchaser would be supplied with the ransomware, distribution tools to send out the malicious file-encrypting software via email and advertising networks, and this Bitcoin ransomware service could be bought for as little as $100.
According to the article, the purchaser would be allowed to keep 85% of the ransoms that were collected, with the remaining 15% going to the seller of the service. There appears to be no shortage of takers. The hacker behind this campaign allegedly has between 300 and 400 active customers. This is only one seller. There are many more offering such a service. The campaigns may not be particularly sophisticated, but the reality is that they don’t actually need to be.
Some sellers even offer Bitcoin ransomware kits where purchasers only need to enter in their Bitcoin address for the payment of the ransom, the amount they wish to charge their victims for the security keys, and they can download everything they need, including instructions on how to run the campaign. These services are not being sold for big bucks. The sellers know they can earn considerable sums by taking a cut of the ransoms that are paid.
The standard rates being charged by attackers to supply security keys for single computer infections is between 0.5 and 1 Bitcoin – approximately $200-$425. All that is required for an attacker to make a profit is one or two victims to install the Bitcoin ransomware and pay for a security key. According to data released by Tripwire, half of American ransomware victims have ended up paying the ransom demand to recover their data.
Until law enforcement efforts to track down attackers and shut down underground forums improve, and victims stop paying ransoms, the attacks are likely to continue to increase.
What businesses need to do is to make sure they are better protected to prevent Bitcoin ransomware from being installed and to ensure they have viable backups in case ransomware does get installed on their networks.