A research study by ProPublica discovered that the majority of ransomware solutions providers have one unusual trick for getting rid of cyber criminals - paying them off the cryptocurrency.
Reported by Coveware, ransomware attacks were in a surge in Q1 2019:
"In Q1 of 2019, the average ransom amplified by 90% to $12,000, in comparison with $6,500 in Q4 of 2018. The ransom reveals increased attacks of more costly forms of ransomware such as Iencrypt, Ryuk, and Bitpaymer. Most of these ransomwares tend to be used in personalized specific attacks on larger business targets."
When cyber-terrorist encrypts an afflicted computer, the question comes in mind that how to unlock the data. ProPublica learned that many data retrieval companies simply spend the money for ransom and then charge some premiums for their issues.
Confirmed Information guaranteed to help ransomware victims by unleashing their data files with the "latest technologies," according to former clients and company emails. Instead, it acquired decryption resources from cyberattackers by paying out ransoms, according to the Federal Bureau of Investigation affidavit and Storfer acquired by ProPublica.
Adoption of Data Retrieval Techniques Rather Paying Ransoms
Other companies also claim to use their very own data retrieval techniques rather pays ransoms, in some cases without revealing to victims such as law enforcement agencies, ProPublica found.
The companies are alike in different ways. Both of them charge victims huge fees over the ransom amounts. Additionally, they offer various other solutions, such as securing breaches to cover future cyber-attacks. Both companies used aliases for their employees, rather than real names, in making contact with victims.
Ransomware is actually getting a whole lot worse.
Immediately after US Attorney General tracked and indicted a couple of Iranian cyber-terrorist for issuing ransomware known as SamSam, government bodies anticipated the epidemic of attacks would probably fall. Instead, it increased, whipping 2018 levels significantly.
The main reason, many think, is because ransomware is profitable. Online hackers can easily launch an assault, and then, once the victims find the hack, they make a deal quickly with security companies to unlock the computer systems. On the other hand, many of these firms offer recovery solutions, and many security experts work on free solutions for the WannaCry ransomware.
The fact is that the hacks are getting a whole lot worse and the software required is getting more sophisticated. Coveware confesses to actually dealing with con artists. They have found it to be one of the easiest techniques for getting data files back.
The issue, however, is that most of these initiatives are unintentionally supporting terrorism. Additionally, they said, it takes more time to decrypt computer systems that are hacked, due to new versions of the ransomware.
In the first quarter of 2019, Coveware wrote that the standard downtime was increased to 7.4 days, from 6.4 days in the 4th quarter of 2018.
Bill Siegel, CEO of Coveware, found that the typical ransomware recovery is not actually a settlement with "terrorists" as United States Government authorities believe. They have dealt with a "few hundred" ransomware cases this year and found that each and every cyberpunk is different and quite often frustrated.
"Our perception based on the experience and the study of the industry is that the vast majority are comparatively normal individuals who don’t have authorized monetary prospects that match up with their technical skills," Bill Siegel said. "They (hackers) also live in different parts of the world that are away from the legal system of Western authorities, and therefore are ambivalent about stealing from the Western world."
The process for communicating with online hackers is also quite accurate.
A representative of one of this companies said that his firm worked really hard to make use of both techniques - ransom, and recovery:
"The particular process of recovery varies from situation to situation when it comes to the nature and scope of the cyber-attack. Our techniques for data retrieval and security are the solution of years of technical expertise and experience, and we don't share this process to the general public or our own clients. That's corresponded clearly beforehand. Having said that, what I can only tell you is that we're a cyber security firm, not a data retrieval firm."