FBI: Over $140 million handed over to ransomware attackers

(Image credit: Future)

By analyzing bitcoin wallets and ransom notes, the FBI has determined that cybercrime victims paid over $140m to ransomware operators over the past six years.

At this year's RSA security conference, FBI Special Agent Joel DeCapua presented in his findings during two sessions in which he explained how he was able to use bitcoin wallets and ransom notes collected by the FBI, shared by private partners or found on VirusTotal to figure out how much victims paid in ransom payments.

According to DeCapua, between October 2013 and November 2019, approximately $144,350,000 was paid in bitcoins to ransomware actors. However, this figure does not include operation costs related to these attacks but just the ransom payments that were made.

When it came to the most profitable ransomware families, Ryuk brought in the most money for ransomware operators at $61.26m followed by Crysis/Dharma at $24.48m and Bitpaymer at $8.04m. It's worth noting that the actual amount of payments made over these six years is likely much higher as the FBI does not have access to all of the data surrounding ransomware attacks, as many businesses keep them secret to prevent hurting their stock prices.

Defending against ransomware

During his sessions at RSA, DeCapua also provided some tips on how companies and individuals can avoid falling victim to ransomware attacks.

DeCapua revealed that the Windows Remote Desktop Protocol (RDP) is the most common method that ransomware attackers are able to gain access to a network before deploying ransomware. In fact, RDP accounts for 70-80 percent of network breaches which is why he recommends that organizations use Network Level Authentication (NLA) for additional protection. 

With NLA, clients are required to authenticate themselves with the network before they can actually connect to the remote desktop server. This provides increased security against preauthentication exploits though, DeCapua also suggested that unique and complex passwords should be used for RDP accounts.

Additionally, DeCapua suggests that businesses and individuals be careful of phishing attacks, install software and operating system updates, use complex passwords, monitor their networks and have a contingency plan with backups to prevent falling victim to a ransomware attack.

Via BleepingComputer

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.