INSUBCONTINENT EXCLUSIVE:
By analyzing bitcoin wallets and ransom notes, the FBI has determined that cybercrime victims paid over $140m to ransomware operators over
the past six years.At this year's RSA security conference, FBI Special Agent Joel DeCapua presented in his findings during two sessions in
which he explained how he was able to use bitcoin wallets and ransom notes collected by the FBI, shared by private partners or found on
VirusTotal to figure out how much victims paid in ransom payments.According to DeCapua, between October 2013 and November 2019,
approximately $144,350,000 was paid in bitcoins to ransomware actors
However, this figure does not include operation costs related to these attacks but just the ransom payments that were made.When it came to
the most profitable ransomware families, Ryuk brought in the most money for ransomware operators at $61.26m followed by Crysis/Dharma at
$24.48m and Bitpaymer at $8.04m
It's worth noting that the actual amount of payments made over these six years is likely much higher as the FBI does not have access to all
of the data surrounding ransomware attacks, as many businesses keep them secret to prevent hurting their stock prices.During his sessions at
RSA, DeCapua also provided some tips on how companies and individuals can avoid falling victim to ransomware attacks.DeCapua revealed that
the Windows Remote Desktop Protocol (RDP) is the most common method that ransomware attackers are able to gain access to a network before
In fact, RDP accounts for 70-80 percent of network breaches which is why he recommends that organizations use Network Level Authentication
to the remote desktop server
This provides increased security against preauthentication exploits though, DeCapua also suggested that unique and complex passwords should
be used for RDP accounts.Additionally, DeCapua suggests that businesses and individuals be careful of phishing attacks, install software and
operating system updates, use complex passwords, monitor their networks and have a contingency plan with backups to prevent falling victim
to a ransomware attack.Via BleepingComputer
