At Least $24 Million Paid as “Ransom” to Criminals in 2015

The Department of Homeland Security (DHS) and Department of Justice (DOJ) published reports in early April, providing information on ransomware and cybercriminal attacks on the public.

Ransomware is a type of malicious computer program that encrypts its victim’s data and files and demands a ransom for the files to be returned to their previous state. This tactic has become more and more of a normal occurrence, with even schools, hospitals, and police departments being targeted.

At the time of the report, the DOJ said the Internet Crime Complaint Center had received more than 7,000 complaints that involved ransomware since the start of last year. This led to approximately $57 million in estimated damages, including the ransoms paid by the victims. Last year alone, a sum of $24 million had been paid to cybercriminals – with more than 2,500 reports filed.

The DHS stated that, since July of 2015, its National Cybersecurity and Communications Integration Center had been involved in more than 300 reports related to ransomware, affecting almost 30 different federal agencies. These cases involved attempted hacks and infections, with the infections being dealt with by the agencies’ internal computer security experts. The cases were resolved by removing the affected computer system from the organisation’s network and replacing it with a new system. This method had little to no impact on the users or the agencies.

Homeland Security says they are not aware of agencies paying ransoms – the DOJ, however, begs to differ.

The DHS collaborated with the Multi-State Information Sharing and Analysis Center (MS-ISAC), a not-for-profit organisation that works on detecting and eliminating cybercrime for the almost one thousand government entities it is involved with.

MS-ISAC provided “forensic assistance” for more than 40 cases of ransomware-affected government machines in 2015, including analyzing cloned hard drives and telephone support, said MS-ISAC Communications Director Barbara Ware. The number gets bigger if MS-ISAC’s network monitoring is considered. The organisation detected about 2,000 ransomware infections last year and alerted government agencies to them.

This gets a little disturbing as MS-ISAC only offers this service to a very small percentage of its clientele – a 2015 catalog put the number at 65+. Ware, however, added that this number is larger, as a member could be an entire state government (which could include law enforcement and state schools).

The Department of Homeland Security said it does not know of any instance where government agencies paid ransoms, but the Department of Justice said otherwise – adding that there have been more than a few times when government entities have approached it for help. Some additional media reports also verify these rumors.

The town of Medfield, Massachusetts paid hackers $300 when a malicious application froze its computer systems for a week in the first part of February. Less than a month later, school officials from Horry County, South Carolina paid $8,500 to get back their servers after they were penetrated by ransomware.

Police departments are also being victimised by hackers, as they are unlikely to have backups of their data, according to MS-ISAC chairperson Tom Duffy. This type of backup system is especially critical for regaining access to encrypted and infected data without handing over the ransom.

The DOJ stated in a public report that a majority of ransomware strains are almost impossible to defeat without the decryption keys. While the FBI does continue with their investigations, they are now focusing on ransomware prevention education instead.

Homeland Security discovered that its Einstein cybersecurity service relied on the signatures of known viruses for detection. This leaves the system vulnerable to previously unknown viruses, an issue when new types of ransomware come out so often.

However, all is not lost. The government agencies are somewhat successful, as they are able to put a stop to online hackers. The DOJ publicised “Operation Shrouded Horizon”, an international cybercrime initiative that was able to disable Darkode – which Europol called the “most prolific English-speaking cybercriminal forum.” The downside to this is that some countries that hold these hackers tend not to cooperate with the U.S. government in terms of bringing the criminals to court or jail.
