A study by ProPublica found that most ransomware solutions providers have one weird trick for getting rid of hackers – paying them off.
Ransomware activity is growing weekly according to experts at CoveWare. The result? Companies who just want to pay the ransom and move on.
According to CoveWare, ransomware attacks were up in Q1 2019:
In Q1 of 2019, the average ransom increased by 89% to $12,762, as compared to $6,733 in Q4 of 2018. The ransom increase reflects increased infections of more expensive types of ransomware such as Ryuk, Bitpaymer, and Iencrypt. These types of ransomware are predominantly used in bespoke targeted attacks on larger enterprise targets.
Once hackers encrypt an infected computer, however, the real question is how to unlock your data. ProPublica found that many data recovery firms simply pay the ransom and then charge a premium for their trouble.
Proven Data promised to help ransomware victims by unlocking their data with the “latest technology,” according to company emails and former clients. Instead, it obtained decryption tools from cyberattackers by paying ransoms, according to Storfer and an FBI affidavit obtained by ProPublica.
Another U.S. company, Florida-based MonsterCloud, also professes to use its own data recovery methods but instead pays ransoms, sometimes without informing victims such as local law enforcement agencies, ProPublica has found. The firms are alike in other ways. Both charge victims substantial fees on top of the ransom amounts. They also offer other services, such as sealing breaches to protect against future attacks. Both firms have used aliases for their workers, rather than real names, in communicating with victims.
Ransomware is getting worse.