
FBI Investigating 100 Types Of Ransomware Attacks


The Covid-19 pandemic has forced major changes in our work habits, with remote work and telecommuting becoming the new norm for many organizations and employees. A major theme of the pandemic is that the entire world has been participating in work-from-home setups, with lines between work and home blurring. Although the ardor for remote work has cooled down with many economies reopening, many more organizations are willing to adopt a hybrid of in-office and at-home work than before the crisis.


Unfortunately, the global migration to remote work over the last year has also coincided with a sharp spike in cyberattacks, especially ransomware attacks.


Nowadays, an employee doing something as simple and mundane as clicking a seemingly innocuous link in an email can easily open the door to a massive attack that can bring a company to its knees, cripple critical service delivery and have ripple effects throughout the global economy.


According to Singapore-based cybersecurity firm Group-IB, ransom attacks surged 150% over the previous year, with the amount paid by victims of these attacks increasing by more than 300%.


The current year has not been any better, with high-profile ransom attacks against private companies, critical infrastructure, and municipalities grabbing headlines almost on a daily basis. 


The problem has become so insidious that the FBI has taken it upon itself to investigate about 100 different types of ransomware.


Top priority


In a new statement, the FBI says it has made investigations into the proliferating ransomware attacks ‘a top priority’ and encourages private companies to contact their local FBI field office if they suspect they have been targeted.


The FBI crackdown comes in the wake of the recent high-profile ransomware attacks against Colonial Pipeline and meat processor JBS Foods.


Back in April, ransomware attackers gained access to Colonial Pipeline computer networks using a compromised password, leading to the deliberate shutdown of one of America's most important fuel distribution companies and panic gas buying.


The password had been linked to a disused virtual private networking (VPN) account used for remote access, cybersecurity solutions company FireEye Inc. (NASDAQ:FEYE) has confirmed. Further, the VPN account was not protected using an extra layer of security commonly known as multi-factor authentication.


Although it remains unclear how the attackers managed to obtain the compromised credential, the fact that hackers could so easily force a critical supply chain company to its knees with something so simple underscores the lax cybersecurity standards at multibillion-dollar businesses that should know better.


Luckily for the oil and gas infrastructure company, an FBI-led operation has been able to recover approximately $2.3 million in Bitcoins paid to notorious hacking group DarkSide. Colonial Pipeline Co. CEO Joseph Blount says the company complied with the $4.4 million ransom demand because it was unaware of the extent of the intrusion and how long it would take to restore operations. 


The decentralized nature of bitcoin and cryptos in general makes them the perfect currency for hackers.


"The misuse of cryptocurrency is a massive enabler here. That's the way folks get the money out of it. On the rise of anonymity and enhancing cryptocurrencies, the rise of mixer services that essentially launder funds. Individual companies feel under pressure - particularly if they haven't done the cybersecurity work -- to pay off the ransom and move on. But in the long-term, that's what drives the ongoing ransom [attacks]. The more folks get paid the more it drives bigger and bigger ransoms and more and more potential disruption," Deputy National Security Advisor Anne Neuberger has told CNN.


The changing face of ransomware attacks


Like many other tools employed by hackers, ransomware attacks have been evolving and becoming more complex over the years.

A few years ago, the majority of ransom attacks involved only the deployment of ransomware. Hackers would send a phishing email that would deploy malware when an unwitting employee clicked on a link. The extortionist would then offer decryption keys in exchange for a ransom--sometimes in six figures. Once the ransom was paid, the hackers would send the company decryption keys that would allow it to gain access to its servers and even promise not to target the company again.

Ransom attacks have become more sophisticated than that, and have evolved into massive businesses. Modern attacks are mostly focused on exfiltrating sensitive company information. The attacks are typically perpetrated by organized criminal rings that do intensive research on their target companies. In addition to deploying malware to encrypt company systems, the threat actors conduct reconnaissance of company files, ultimately exfiltrating large amounts of data, on the order of several terabytes in many instances.

Group-IB says the average ransom demand stood at $170,000 last year, but groups like Maze, DoppelPaymer, and RagnarLocker were able to collect much larger amounts in the $1 million and $2 million range. Maze (20%), Egregor (15%) and Conti (15%) are the most notorious ‘Big-Game hunters’, accounting for most of the attacks analyzed by Group-IB, though nation-state groups like North Korea’s Lazarus and China’s APT27 are becoming increasingly involved.
