24 Mar Ransomware research opens window to online fraud payments
The path from ransomware demand to payment is a winding and tortuous road, according to a new research study led by Damon McCoy, a professor of computer science and engineering at NYU Tandon School of Engineering.
McCoy and a team of researchers from UC San Diego, Princeton, Google and the blockchain analytics firm Chainalysis offer a detailed account of the ransomware payment ecosystem, from initial infection to cashout by the operators.
Key ransomware research findings
The report, to be presented at a cybersecurity conference in May, made several key discoveries:
- South Koreans paid 16% ($2.5 million) of the $16 million in ransom payments the researchers tracked
- most ransomware operators used the Russian cryptocurrency exchange BTC-E to convert bitcoin into fiat currency
- more than 20,000 ransomware payments were made in the past two years
How do hackers convert bitcoin to cash?
Most of the operators involved used the Russian cryptocurrency exchange BTC-E to convert their ransom proceeds into cash, although that exchange was recently seized by the FBI.
“Ransomware operators ultimately direct bitcoin to a central account that they cash out periodically, and by injecting a little bit of our own money into the larger flow we could identify those central accounts, see the other payments flowing in, and begin to understand the number of victims and the amount of money being collected,” McCoy said.
By analysing the public Bitcoin blockchain, the research team identified ransom payment addresses and traced the funds forward to the point where the operators tried to convert them into cash.
The researchers had to track the ransom payments without interfering with victims' ability to pay and recover their data.
The research group also says the true total is very likely far higher than $16 million, because ransomware is frequently not reported as a crime.
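To make the tracing method McCoy describes above concrete, here is an added example (not code from the study, NYU or Chainalysis) that applies two standard blockchain-analysis steps to a constructed, simplified transaction set: it follows a marked seed micropayment forward through later spends until the funds reach an address tagged as an exchange deposit, expands the addresses the payment passed through with the common-input-ownership clustering heuristic (addresses co-spent in one transaction are assumed to share an owner), and then counts every other payment flowing into that cluster as a probable victim payment. All transaction IDs, addresses, amounts and the exchange tag are constructed, and the address-level input model is a simplification of Bitcoin's UTXO model.

```python
"""Toy end-to-end ransom payment tracing on a constructed transaction set."""
from collections import defaultdict

# Constructed sample transactions (NOT real chain data). Simplified model:
# each input is the address being spent from, each output is (address, satoshi).
SEED_TX = "t1"  # the tracer's own marked micropayment into the ransom flow
TRANSACTIONS = [
    {"txid": "t1", "inputs": ["researcher"], "outputs": [("R1", 1_000)]},
    {"txid": "t2", "inputs": ["victimA"], "outputs": [("R1", 50_000_000)]},
    {"txid": "t3", "inputs": ["victimB"], "outputs": [("R2", 80_000_000)]},
    {"txid": "t4", "inputs": ["victimC"], "outputs": [("R3", 30_000_000)]},
    # operator sweeps two ransom addresses into a hub (co-spend links R1 and R2)
    {"txid": "t5", "inputs": ["R1", "R2"], "outputs": [("HUB", 130_001_000)]},
    # second sweep co-spends R3 with the hub and deposits at an exchange
    {"txid": "t6", "inputs": ["R3", "HUB"], "outputs": [("EXCHANGE_DEPOSIT", 160_001_000)]},
    # unrelated traffic that must not be attributed to the operator
    {"txid": "t7", "inputs": ["shopper"], "outputs": [("merchant", 5_000_000)]},
]
# Assumed tagging data: deposit addresses known to belong to an exchange.
KNOWN_EXCHANGE_ADDRESSES = {"EXCHANGE_DEPOSIT": "ExchangeX"}


class UnionFind:
    """Minimal disjoint-set structure for grouping addresses."""
    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def cospend_clusters(txs):
    """Common-input-ownership heuristic: addresses spent together in one
    transaction are assumed to be controlled by the same party."""
    uf = UnionFind()
    for tx in txs:
        for addr in tx["inputs"][1:]:
            uf.union(tx["inputs"][0], addr)
    groups = defaultdict(set)
    for tx in txs:
        for addr in tx["inputs"]:
            groups[uf.find(addr)].add(addr)
    return groups, uf


def follow_flow(txs, seed_txid, stop_addresses, max_hops=5):
    """Follow the marked payment forward through later spends until it reaches
    a tagged (exchange) address or the hop limit. Returns the intermediate
    addresses it passed through and the (venue, txid) cashout points seen."""
    seed = next(t for t in txs if t["txid"] == seed_txid)
    frontier = {addr for addr, _amount in seed["outputs"]}
    touched, cashouts = set(), set()
    for _hop in range(max_hops):
        touched |= frontier
        nxt = set()
        for tx in txs:
            if not any(i in frontier for i in tx["inputs"]):
                continue
            for addr, _amount in tx["outputs"]:
                if addr in stop_addresses:
                    cashouts.add((stop_addresses[addr], tx["txid"]))
                elif addr not in touched:
                    nxt.add(addr)
        frontier = nxt
        if not frontier:
            break
    return touched, cashouts


def operator_addresses(txs, seed_txid, stop_addresses):
    """Addresses the seed flowed through, widened to their co-spend clusters."""
    touched, cashouts = follow_flow(txs, seed_txid, stop_addresses)
    groups, uf = cospend_clusters(txs)
    cluster = set()
    for addr in touched:
        cluster |= groups.get(uf.find(addr), {addr})
    return cluster, cashouts


def count_inflows(txs, cluster, exclude_txids=()):
    """Payments into the cluster from outside it; each is one probable victim.
    Internal sweeps (inputs already in the cluster) and our own seed are skipped."""
    payments = []
    for tx in txs:
        if tx["txid"] in exclude_txids or any(i in cluster for i in tx["inputs"]):
            continue
        amount = sum(v for addr, v in tx["outputs"] if addr in cluster)
        if amount:
            payments.append((tx["txid"], amount))
    return payments


def analyse(txs=TRANSACTIONS, seed_txid=SEED_TX, exchanges=KNOWN_EXCHANGE_ADDRESSES):
    cluster, cashouts = operator_addresses(txs, seed_txid, exchanges)
    payments = count_inflows(txs, cluster, exclude_txids={seed_txid})
    return {
        "cluster": sorted(cluster),
        "victim_payments": len(payments),
        "total_satoshi": sum(a for _txid, a in payments),
        "cashouts": sorted(cashouts),
    }


if __name__ == "__main__":
    print(analyse())
```

On the constructed data the seed reaches the hub, the two sweeps pull R1, R2, R3 and HUB into one operator cluster, and three outside payments totalling 1.6 BTC are attributed to victims, with the cashout observed at the tagged exchange in t6. The same heuristic over-clusters on CoinJoin-style transactions that deliberately mix unrelated inputs, under-clusters when an operator never co-spends, and real tracing additionally relies on change-address heuristics and exchange address tagging; the seed payment also has to be small enough not to disturb victims' own payments, which is the constraint the article notes below.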
- the American Bankers Association (2016) estimates that individuals and businesses lost $18 million to ransomware attacks between April 2015 and June 2016
- Everett estimates annual ransomware losses could range from $70 million to more than $200 million because of the lack of reporting
- the Cyber Threat Alliance (2015) reported that from Nov 2015 to June 2016, 7.1 million attempted infections were identified globally, with a one-day peak of 228,496 ransomware hits
- researchers say ransomware first appeared in Russia in 2009, spreading to Western Europe, Canada and the US by 2010
- 20% of the US businesses hit by attacks had to cease business temporarily
- nearly 50% of ransom demands were below $1,000; only 17% were above $10,000
- the biggest impact was downtime, averaging 25 hours or more
- 37% of infections came from malicious email attachments and 27% from malicious email links
Common reasons for ransomware attacks
Writer Brian Heater identifies the most common reasons ransomware attacks succeed: lack of user awareness; overlooking the dangers of visiting certain sites; missing or improperly installed antivirus software; outdated software that needs patching (such as Java, Acrobat and web browsers); sticking with old computers; and desperate attempts to fix computer problems.
Ransomware attacks are rising every year, and businesses and governments will need to keep investing in up-to-date security software and prevention training.
Read more about Reuters' report on the Mar 22 ransomware attack that took out many essential services for the city of Atlanta, Georgia, in the US. Affected services included warrant issuance, water service requests, new inmate processing, court fee payments and online bill-pay programs across multiple city departments, officials told a news conference. The attackers are demanding a $51,000 ransom.