2025/03/04 17:48:23

Ransomware Virus Damage


Ransomware viruses (ransomware)

Main article: Ransomware viruses (ransomware)

2024

Ransom payments to ransomware hackers worldwide decreased by 35% over the year to $813.55 million

In 2024, the total amount of ransoms paid to ransomware groups on a global scale amounted to $813.55 million. This is 35% less than in 2023, when a record figure of $1.25 billion was recorded. Such data are provided in the Chainalysis review, published on February 5, 2025.

The review says that the ransomware landscape underwent significant changes in 2024. The first half of the year was marked by high activity of cybercriminals, as a result of which ransomware victims paid a total of $459.8 million in ransoms to obtain a key to decrypt data and to prevent the publication of stolen information on the Internet. This exceeded the amount recorded in the first half of 2023 by 2.38%. In addition, during January-June 2024, ransomware victims made a number of very large one-time payments: for example, cybercriminals from the Dark Angels group managed to receive a ransom of $75 million. But in the second half of 2024, the intensity of payments began to decline, as a result of which, at the end of the year, the total amount of ransoms decreased by more than a third.

The authors of the study cite several main factors that contributed to the significant drop in payments: law enforcement efforts to combat cybercrime, stronger international cooperation and the refusal of victims to pay ransom. In response, attackers are changing tactics. They often begin to demand a ransom almost immediately after data theft, threatening to publish the information on the dark web if the victim refuses.

The formed ransomware ecosystem is represented by many newcomers who, as a rule, focus their efforts on small and medium-sized businesses. Attacks on such organizations are accompanied by more modest ransom demands, says Lizzie Cookson, senior director of incident response at Coveware, which specializes in information security.[1]

Ransomware hackers were paid a record $75 million ransom

At the end of July 2024, researchers at cybersecurity company Zscaler ThreatLabz tracked an 18% year-on-year increase in ransomware attacks. Among other things, they found evidence of a record $75 million ransom paid to hackers by an unknown victim in early 2024.

Earlier, Varonis also collected statistics on ransomware and reported that the largest ransom amount was recorded in 2021, when insurance giant CNA Financial paid a staggering $40 million. However, the latest Zscaler ThreatLabz report shows that hacker appetites are only growing, as is the number of attacks.

Large company paid ransomware group Dark Angels a record $75 million ransom

According to the researchers, in January-June 2024, the United States recorded an amazing increase in the number of ransomware attacks - by 93%. Healthcare, manufacturing and technology industries have been hit hardest by cybercriminal gangs, with attacks on the manufacturing industry more than double those of the other two industry groups combined. Geographically, the US accounts for almost half of all ransomware attacks, with the UK next.

Zscaler researchers were able to track a total of 391 hacker gangs distributing ransomware, with 19 new gangs identified between April 2023 and April 2024. The record payment of $75 million was received by the Dark Angels gang, which had previously not come to the attention of the media. In fact, this ransomware group is not even one of the top ten most active groups in the report. The LockBit hacker group is firmly in the lead, having carried out more than twice as many attacks as the BlackCat (ALPHV) group, which ranks second, followed by the 8Base, Play and Clop gangs.[2]

2023

Ransoms to ransomware hackers in the world reached a record $1 billion in a year

Ransoms to ransomware hackers in the world for 2023 reached a record $1 billion. This is evidenced by the data of the information security company Positive Technologies, published at the end of April 2024.

Experts cited the example of Caesars Entertainment (one of the world's largest representatives of the hotel and entertainment business): it paid a ransom of $15 million to ransomware operators who threatened to publish stolen customer data from a loyalty program.

In 2023, hackers switched from simple encryption to the threat of publishing stolen data, Positive Technologies analysts said. The trend appeared as companies began to implement more comprehensive protection measures, which, from the attackers' point of view, makes ransomware attacks less effective. In addition, the rejection of encryption and the transition to extortion through the threat of publishing stolen data may be due to the release of various decryptors by security experts, said Irina Zinovkina, head of the Positive Technologies research group.

According to the study, medical organizations were most affected by ransomware attacks in 2023 (18% of all incidents were in the medical industry), which led to the closure of some institutions, the redirection of ambulances to other hospitals and delays in the provision of medical services. In addition, in 2023, ransomware often hit organizations in science and education (14% of the total number of ransomware attacks), government agencies (12%) and industrial organizations (12%). Almost all ransomware in 2023 was distributed by e-mail and by compromising computers and servers.

Hackers increased ransom demands in ransomware attacks by 20% to $600 thousand

In 2023, the average initial ransom that attackers demanded after deploying ransomware in the victim's IT infrastructure was $600 thousand. This is 20% more than in the previous year, when this figure was around $500 thousand. Such data are provided in a report by Arctic Wolf Networks, published on February 20, 2024.

It is noted that the size of the ransom varies depending on the scope of activity of the attacked organization. So, in the legal, state, retail and energy industries, cybercriminals in 2023 demanded an average of $1 million or more. Arctic Wolf Networks experts say that the trend of an increase in the ransom amount among ransomware groups remains. This is due to new initiatives to combat cybercrime and the growing number of refusals of victims from transferring the requested money.

The average amount of initial ransom that attackers demanded when introducing ransomware into the victim's IT infrastructure was $600 thousand.

Ransomware attacks are guarded by organizations of both large and small size, and there are good reasons for this: the damage caused by such viruses leads to huge losses, not counting the actual ransom, say Arctic Wolf Networks experts.

The study also notes that in 2023, cybercriminals actively exploited vulnerabilities identified in 2022 and earlier. Such flaws were involved in almost 60% of incidents. At the same time, only 12% of cyber attacks were associated with zero-day vulnerabilities. In 2023, hackers often carried out business email compromise attacks: the number of such incidents turned out to be approximately 10 times greater than the number of ransomware attacks. In general, the volume of cyber incidents continues to grow every year. Attackers are adopting new tactics based on the use of generative artificial intelligence.[3]

Payments by victims of ransomware viruses in the world reached a record $1.1 billion

In 2023, the total volume of payments by victims of ransomware viruses on a global scale amounted to $1.1 billion, which is a new record. For comparison, in 2022 this figure was estimated at $567 million. Thus, a twofold year-on-year increase was recorded, as stated in a study by the analytical company Chainalysis, the results of which were published on February 7, 2024.

The report notes that the income of ransomware operators from ransoms steadily grew at the height of the COVID-19 pandemic. In particular, in 2019 it amounted to about $220 million, and in 2020 it reached $905 million. In 2021, attackers received $983 million from their victims. But in 2022 there was a sharp decline. Experts attribute this to the current geopolitical situation: the conflict not only disrupted the activities of some cybercriminal groups, but also shifted their focus from financial gain to politically motivated cyberattacks aimed at espionage and destruction of IT infrastructure. But already in 2023, ransomware operators returned to their usual activities, and the volume of payments by victims began to grow again.

In 2023, the total volume of payments by victims of ransomware viruses on a global scale amounted to $1.1 billion

The study says that in 2023, the ransomware segment saw a significant increase in the frequency, scale and volume of attacks. Such cyber campaigns were carried out by a wide variety of hacker communities, from large syndicates to small groups and individuals. In addition, attackers are introducing new tactics, in particular so-called "big game" hunting. It allows them to carry out fewer attacks while receiving larger ransoms from large corporations and organizations.

In 2023, among the largest victims of ransomware viruses were the oil and gas company Shell, US government organizations, British Airways, etc. Ransoms of $1 million or more account for an increasing share of the total amount of payments.[4]

2022

Why ransomware hackers started asking for 28% less ransom

On February 21, 2023, the results of a CrowdStrike study on the spread of ransomware were released. It is reported that in 2022, the average ransom size demanded by attackers decreased by 28% compared to the previous year.

According to The Wall Street Journal, citing CrowdStrike data, in 2022 cybercriminals involved in the distribution of ransomware wanted to receive an average of $4.1 million from their victims. For comparison: a year earlier, the ransom size averaged $5.7 million. This situation is explained by several reasons. These are, in particular, the arrests of members of hacker groups, the fall in the cost of cryptocurrencies and the strengthening of measures to combat cybercrime in general. It is noted that some groups of network attackers are even forced to cut staff due to falling profits. In particular, the cybercriminal company Conti in 2022 fired 45 employees due to the deterioration of its financial situation.

In 2022, the average ransom size demanded by cybercriminals decreased by 28% compared to the previous year

At the same time, the American company Mandiant, specializing in cybersecurity issues, reported that in 2022 the number of cyber incidents related to ransomware decreased by about 15% on an annualized basis.

At the same time, the number of ransomware attacks on industrial organizations in 2022 increased by 87% compared to the previous year, and such malware is aimed primarily at the production sector. Thus, hackers attacked mining companies in Australia and New Zealand, as well as renewable energy companies in the United States and the European Union. Attackers are increasingly focusing on the power, food, water and natural gas sectors.[5]

Ransom volume after ransomware attacks in the world decreased by $300 million

On January 19, 2023, Chainalysis released data from a study according to which the income of cybercriminals distributing ransomware on a global scale in 2022 decreased by approximately $300 million.

In 2019, ransomware operators received approximately $174 million from their victims as a ransom. In 2020, this amount increased sharply, reaching $765 million. In 2021, it is estimated that the introduction of ransomware malware brought cybercriminals $765.6 million, and in 2022 - approximately $456.8 million. Thus, the fall for the year was 40.3%. This situation, according to experts, is associated primarily with the growing reluctance of victims to pay attackers, and not with a decrease in the actual number of attacks.

Claims data in the cyber insurance industry shows ransomware remains a growing cyber threat to businesses and businesses. However, there are signs that disruptions in the activities of groups of people involved in such malware lead to fewer than expected successful extortion attempts, says Michael Phillips, director of Resilience.

Other specialists also point to a decrease in the intensity of payments. Bill Siegel from Coveware said that in 2019, the likelihood that a ransomware victim would pay a ransom was around 76%. In 2020, this value decreased to 70%, and in 2021 to 50%. In 2022, a further reduction was recorded, to 41%. One of the reasons for such a significant drop is that paying the ransom has become more risky from a legal point of view, especially after September 2021, when the Office of Foreign Assets Control (OFAC), which is part of the US Treasury Department, published a document on the possible imposition of civil sanctions on companies and organizations in connection with the fulfillment of ransomware demands.[6]

2021

The number of companies that paid more than $1 million to ransomware hackers has increased 3 times

According to a study by Sophos, a developer of information security solutions, in 2021 about 66% of organizations were subjected to a ransomware attack, compared to 37% in 2020. And 65% of these attacks were successful in terms of encrypting their victims' data, compared with 54% in 2020, the report said.

According to the British cybersecurity company, the average ransom paid by organizations for the most significant attacks using ransom software has grown almost fivefold and amounted to just over $800 thousand, and the number of organizations that paid a ransom of $1 million or more has tripled by the end of 2021 and reached 11%.

The number of companies that paid more than $1 million to ransomware hackers tripled over the year

Chester Wisniewski, chief scientist at Sophos, says the cost of ransomware not only continues to rise, but a growing number of victims decide to pay even when they have other options.

46% of those surveyed who reported that their data had been blocked as a result of the attack said they paid a ransom to get their data back, and 26% said they paid a ransom, although they could have recovered it on their own using backups.

There may be several reasons for this, Wisniewski said, including incomplete backups or a desire to keep company data from being shared online.

"Organizations don't know what attackers could have done, such as adding backdoors, copying passwords and more," Wisniewski said in a statement. "If organizations do not thoroughly clean up the recovered data, they will end up with all this potentially toxic material on their network and could be reattacked."

In addition, after a ransomware virus attack, there is often an urgent need to restore performance as quickly as possible, and restoring from backups can often be complex and time-consuming, Wisniewski said. But while paying cybercriminals for a decryption key can be a tempting idea, it's also risky.[7]

The average ransom payment for ransomware attacks has reached a new record - $541 thousand

On March 30, 2022, the information security company Palo Alto Networks published a study according to which in 2021 the amount of ransom payments in ransomware attacks reached new records, as cybercriminals increasingly turned to "leak sites" on the darknet, where they forced victims to pay by threatening to release confidential data.

According to the report, the average ransom amount demanded by ransomware operators increased 144% in 2021 to $2.2 million, and the average payment amount increased 78% to $541,010. The most affected industries are professional and legal services, construction, wholesale and retail, healthcare and manufacturing.

In 2021, the volume of ransom payments when using ransomware reached new records, cybercriminals increasingly turned to "leak sites" on the dark web.
"In 2021, ransomware attacks interfered with the day-to-day activities that people around the world take for granted - from buying groceries and gasoline for our vehicles to calling emergency services in the event of an emergency and receiving medical attention," it said.

The most active was the Conti ransomware group, which accounts for more than 1 in 5 cases reviewed by Unit 42 consultants in 2021. REvil, also known as Sodinokibi, came in second with 7.1%, followed by Hello Kitty and Phobos (4.8% each). Conti also posted the names of 511 organizations on its leak site on the Dark Web, the largest number of any group.

The report describes the growth of the cyber extortion ecosystem in 2021, with 35 new ransomware gangs appearing. Criminal gangs are investing their profits in creating easy-to-use attack tools that increasingly exploit zero-day vulnerabilities.

According to a study by Palo Alto Networks, the number of victims whose data was posted on leak sites increased by 85% in 2021, to 2566 organizations. 60% of the victims listed on leak sites were in the Americas, followed by 31% in Europe, the Middle East and Africa, and 9% in the Asia-Pacific region.[8]

Check Point Software: $40 million is a record ransom for hackers

According to information security company Check Point Software, the $40 million ransom paid to hackers by the insurance company CNA Financial in 2021 became the largest in the history of ransomware attacks. Experts reported this in early November 2021.

According to Bloomberg, the attackers initially demanded $60 million, and after lengthy negotiations they agreed to reduce the amount by $20 million. According to information security specialists, the Phoenix virus used to attack CNA Financial was created on the basis of the Hades malware. This virus was developed by the hacker group Evil Corp.

2020

Ransomware virus distributors' revenues estimated at $400 million

The US National Security Council calculated that the income of hackers around the world who used ransomware viruses in 2020 amounted to $400 million. The data was published on the White House website in October 2021.

Ransomware virus incidents have disrupted critical services and businesses around the world, affecting schools, banks, government agencies, rescue services, hospitals, energy companies, transportation and food industry businesses. Viruses attacked organizations of any size, regardless of their location. Global economic losses from malware are significant, experts say.

Income of ransomware virus distributors estimated at $400 million in 2020

The administration of US President Joe Biden is making purposeful comprehensive efforts to combat this threat. The work is organized in the following areas:

  • Destruction of infrastructure and actors distributing ransomware: The administration will use every capability of the U.S. government to destroy the participants, organizers, networks and financial infrastructure of ransomware viruses;

  • Building resilience to counter ransomware virus attacks: The administration has called on the private sector to increase investment and focus on cyber defense to counter this threat. The administration also identified expected cybersecurity thresholds for critical infrastructure and introduced cybersecurity requirements for critical transport infrastructure;

  • Combating abuse of virtual currency to launder ransom payments: Virtual currency is subject to the same anti-money laundering and counter-terrorism financing (AML/CFT) controls that apply to fiat currency, and these controls and laws must be enforced.

  • Use international collaboration to break down the ransomware virus ecosystem and eliminate safe harbors for criminals using the computer virus:

According to Check Point Research, in the 12-month period that began in October 2020, the number of companies facing ransomware attacks worldwide increased by 57%, and since the beginning of 2021, the number of such attacks has been growing by 9% monthly. According to statistics from AI startup Deep Instinct, the total number of ransomware attacks increased by 435% in 2020. With the help of this type of virus, hackers managed to stop the work of 560 medical centers, 1.6 thousand schools and colleges, as well as more than 1.3 thousand other organizations, says information security company Emsisoft.[9]

Ransomware viruses brought in $350 million - Chainalysis

In early February 2021, the analytical company Chainalysis released a report according to which in 2020 hackers received at least $350 million when using ransomware viruses. The company obtained this data by tracking transactions to blockchain addresses related to ransomware attacks.

However, Chainalysis clarified that its estimate indicates only a minimum amount; the true numbers are still unknown, since victims do not always choose to talk openly about ransomware attacks and subsequent payments.

Ransomware viruses brought in $350 million in 2020

According to Chainalysis, in 2020, payments due to ransomware attacks accounted for 7% of all funds received by "criminal" cryptocurrency addresses. The figures are up 311 per cent on 2019 and analysts at Chainalysis believe the sharp rise is due to new viruses "dramatically increasing profits." According to the company, the largest ransoms were received by ransomware groups such as Ryuk, Maze, Doppelpaymer, NetWalker, Conti and REvil (also known as Sodinokibi). However, other viruses such as Snatch, Defray777 (RansomExx) and Dharma have also generated a profit estimated at millions of dollars for hackers.

Chainalysis assumes that ransomware viruses are used by fewer attackers than originally thought, with many of these groups constantly switching between RaaS ("ransomware as a service") offerings, tempted by better offers.

Chainalysis also said that a group of five exchange portals received 82% of all funds from ransomware in 2020. Law enforcement agencies can use this information to interrupt the laundering of money received by hackers.[10]

Damage from ransomware viruses in the world exceeds $1 billion a year

The damage from ransomware viruses in the world exceeds $1 billion a year. Such data were released on November 25, 2020 by Group-IB, a company specializing in preventing cyber attacks.

According to experts, the amount mentioned is the minimum. The real damage can be several times greater, since affected companies often prefer to hush up the incident by paying the ransomware operators, or the attack is not accompanied by the publication of data from the victims' network, the study says.

Group-IB: damage from ransomware viruses in the world exceeds $1 billion per year

The most popular targets of ransomware were companies from the United States: they accounted for about 60% of all known attacks. The share of attacks in European countries was about 20%, about 10% fell on the countries of the Americas (with the exception of the United States) and Asia (7%).

The five industries that are most often attacked by ransomware include:

  • production (94 victims);
  • retail (51 victims);
  • state institutions (39 victims);
  • health care (38 victims);
  • construction (30 victims).

Maze and REvil are named the most dangerous ransomware: from the end of 2019 to the end of November 2020, they accounted for more than 50% of successful attacks. They are followed by Ryuk, NetWalker, DoppelPaymer.

According to Group-IB estimates, over the past year, by the end of November 2020, more than 500 ransomware attacks on companies in more than 45 countries had become publicly known.

The study notes that private and public partner programs have become the catalyst for the growth of attacks using such viruses, which has led to a dangerous symbiosis of ransomware operators with attackers who specialize in compromising corporate networks. Another reason for the growth is that the cybersecurity tools used by companies miss ransomware, failing to detect and block threats at an early stage. Ransomware operators buy access and attack the victim.[11]

Over $1 billion - total damage from "ransomware"

Group-IB, an international company specializing in preventing cyber attacks, investigated key changes in cybercrime worldwide and on November 25, 2020 shared its forecasts for the development of cyber threats for 2021. Analysts summarize: the greatest financial damage was recorded as a result of ransomware attacks. A difficult period for the world's economies resulted in the heyday of the market for the sale of access to compromised company networks. At the same time, the volume of the market for stolen bank cards has more than doubled. In the race among pro-government hacker groups, new players appeared, and those who were considered to have left the stage resumed their attacks.

According to the Hi-Tech Crime Trends 2020-2021 report, a new wave of ransomware swept through the end of 2019 and all of 2020. Most ransomware operators have focused on attacks on commercial and public sector companies. Any company can become a victim of such attacks, regardless of scale and industry; the main criterion for attackers is financial benefit. At the same time, in the absence of the necessary technical tools and data recovery capabilities, a ransomware attack can lead not only to downtime, but also to a complete shutdown of the organization.

In total, over the past year, more than 500 ransomware attacks on companies in more than 45 countries have become publicly known. The lower limit of the total damage from the actions of ransomware, according to Group-IB estimates, is more than one billion dollars ($1,005,186,000). However, the real damage is many times higher: affected companies often prefer to hush up the incident by paying the ransomware operators, or the attack is not accompanied by the publication of data from the victim's network.

The most popular targets of ransomware were companies from the United States: they accounted for about 60% of all known attacks. The share of attacks in Europe was about 20%. About 10% fell on the countries of North and South America (with the exception of the USA) and Asia (7%). The top 5 most attacked industries include manufacturing (94 victims), retail (51 victims), government agencies (39 victims), health care (38 victims), construction (30 victims).

The most dangerous ransomware since the end of 2019 are Maze and REvil - they account for more than 50% of successful attacks. Ryuk, NetWalker, DoppelPaymer are in the second tier.

Private and public partner programs gave an incentive for the heyday of the ransomware era, which led to a dangerous symbiosis of ransomware operators with attackers who specialize in compromising corporate networks. Ransomware operators buy access and attack the victim. After the victim pays the ransom, the partner receives a percentage of this amount. Researchers identify the following network intrusion vectors: malicious mailings, password guessing against remote access interfaces (RDP, SSH, VPN), malware (for example, loaders), as well as the use of new types of botnets (brute-force botnets), whose purpose is distributed password guessing from a large number of infected devices, including servers.

According to Group-IB, since the end of 2019, ransomware operators have adopted the following technique: before encryption, they copy all the information of the victim company to their servers for the purpose of further blackmail. If the victim does not pay the ransom, it will not only lose the data, but will also see it in the public domain. In June 2020, REvil began holding auctions where stolen data was offered as lots.

The Hi-Tech Crime Trends 2020-2021 report provides recommendations for countering ransomware attacks, both in terms of technological measures for information security services and in terms of increasing the expertise of cybersecurity teams in order to combat this threat.
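Distributed password guessing of the kind mentioned above spreads attempts over many infected devices, so each source stays below a per-IP lockout limit. The following added example (not from Group-IB or the original article) counts distinct failing sources per account within a time window; the log format, sample lines, thresholds and function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sshd-style log lines (not real data). The IP addresses
# come from the documentation ranges 192.0.2.0/24 and 198.51.100.0/24.
SAMPLE_LOG = """\
2020-11-25T10:00:01 sshd[101]: Failed password for admin from 192.0.2.10 port 40001 ssh2
2020-11-25T10:00:40 sshd[102]: Failed password for admin from 192.0.2.11 port 40002 ssh2
2020-11-25T10:01:15 sshd[103]: Failed password for bob from 198.51.100.7 port 51000 ssh2
2020-11-25T10:01:50 sshd[104]: Failed password for admin from 192.0.2.12 port 40003 ssh2
2020-11-25T10:02:05 sshd[105]: Failed password for bob from 198.51.100.7 port 51001 ssh2
2020-11-25T10:02:30 sshd[106]: Accepted password for bob from 198.51.100.7 port 51002 ssh2
2020-11-25T10:03:10 sshd[107]: Failed password for admin from 192.0.2.13 port 40004 ssh2
2020-11-25T10:03:45 sshd[108]: Failed password for admin from 192.0.2.10 port 40005 ssh2
2020-11-25T10:04:20 sshd[109]: Failed password for invalid user admin from 192.0.2.14 port 40006 ssh2
2020-11-25T11:30:00 sshd[110]: Failed password for admin from 192.0.2.15 port 40007 ssh2
"""

# Assumed line layout: ISO timestamp, then the usual sshd failure message.
FAILED_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_failures(log_text):
    """Return (timestamp, user, source_ip) for every failed-password line."""
    events = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["user"], m["ip"]))
    return events


def detect_distributed_guessing(events, window=timedelta(minutes=10),
                                min_sources=4, max_per_source=3):
    """Flag accounts that fail logins from many distinct sources in one window.

    A per-IP lockout never fires here because each source makes at most
    max_per_source attempts, so the account is the correlation key instead.
    Returns {user: sorted list of source IPs in the widest matching window}.
    """
    by_user = defaultdict(list)
    for ts, user, ip in events:
        by_user[user].append((ts, ip))

    alerts = {}
    for user, hits in by_user.items():
        hits.sort()
        start = 0
        best = []
        for end in range(len(hits)):
            # Slide the left edge so the window never spans more than `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            per_ip = defaultdict(int)
            for _, ip in hits[start:end + 1]:
                per_ip[ip] += 1
            quiet = sorted(ip for ip, n in per_ip.items() if n <= max_per_source)
            if len(quiet) >= min_sources and len(quiet) > len(best):
                best = quiet
        if best:
            alerts[user] = best
    return alerts


if __name__ == "__main__":
    for user, sources in detect_distributed_guessing(parse_failures(SAMPLE_LOG)).items():
        print(f"{user}: failures from {len(sources)} sources: {', '.join(sources)}")
```

The same correlation applies to RDP or VPN authentication logs once their failure lines are parsed into the same (time, account, source) tuples.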

Other Group-IB findings collected as part of the Hi-Tech Crime Trends 2020-2021 report can be found in the TAdviser specialist articles:

  • The outgoing year has shown that espionage is increasingly being replaced by active attempts to destroy infrastructure. The arsenal of attackers is actively replenished with tools for attacks on physically isolated networks of critical infrastructure.
  • The volume of access to corporate networks of companies sold on darknet forums increases annually, but the peak was in 2020. It is quite difficult to assess the total volume of the market for the sale of access in the underground: attackers often do not publish prices, and transactions take place "in private."
  • The volume of the carding market for the study period increased by 116% - from $880 million to $1.9 billion - compared to 2019. High growth rates are characteristic of both text data (number, expiration date, holder name, address, CVV) and dumps (contents of magnetic strips of cards).
  • During the analyzed period, 118% more phishing resources were identified and blocked than before. Analysts explain this growth by several reasons, the main of which is the pandemic.

In general, the Hi-Tech Crime Trends 2020-2021 report explores various aspects of the functioning of the cyber-criminal industry, analyzes attacks and predicts changes in the threat landscape for various sectors of the economy: financial, telecommunications, retail, production, power. The authors of the report also analyze campaigns deployed against critical infrastructure facilities, which are increasingly becoming a target for special services of different states.

Hi-Tech Crime Trends 2020-2021 is intended for risk management experts, strategic task planners in the field of cybersecurity, representatives of boards of directors responsible for digital transformation and investing in the protection of information systems. For Chief information officers, cybersecurity team leaders, SOC analysts, incident responders, the Group-IB report is a hands-on guide to strategic and tactical planning, offering analytical tools that help adjust and customize corporate and government network security systems.

Hi-Tech Crime Trends 2020-2021 forecasts and recommendations are aimed at reducing financial losses and downtime of infrastructure, as well as taking preventive measures to counter targeted attacks, espionage and cyber terrorist operations.

2016: Trend Micro: Cybercriminals earned $1 billion from ransomware

Trend Micro presented in June 2017 the summary and main conclusions of the Ransomware: Past, Present, and Future report. For more research, see Cyberattacks.

The first ransomware attack was recorded in Russia between 2005 and 2006. In the message, hackers demanded 300 US dollars for returning encrypted files. At the first stage, files with the most common extensions were encrypted: .DOC, .XLS, .JPG, .ZIP, .PDF, etc. Later, varieties of ransomware appeared that could encrypt data on mobile devices and even affect the operation of the master boot record. At the end of 2013, varieties of programs appeared that not only encrypted files, but also began to delete them if the victim refused to pay a ransom, for example CryptoLocker.

The main conclusions of the report and the company's forecasts:

  • Ransomware families grew by 752% in 2016.
  • In 2016, the average ransom amount for returning access to files was 0.5 − 5 bitcoins.
  • Ransomware attacks are becoming more targeted today, and spam is used as the main means of distribution (79%), infection of existing ones or the creation of separate sites/pages on the Internet (20%), as well as sets of exploits.
  • The main focus of cybercriminals is shifting - since 2015, the main goal of ransomware is becoming individuals, and business.
  • Ransomware is now available as a service. The Ransomware-as-a-service model allows attackers to get even more money.
  • When attacking a business, attackers most often encrypt the company's databases, in second place are SQL files.
  • In the future, ransomware targeting critical infrastructure as well as industrial control systems (ICS) may emerge.

Monthly Growth Chart for Ransomware Families, (2016)

Examples of the largest ransomware attacks in the second half of 2016:

  • In September, as a result of a ransomware attack on the municipality of Springfield (Massachusetts, USA), its files were unavailable for 10 days.
  • In September, Vesk (UK) paid a ransom of $23,000 to attackers to return access to their files.
  • In November, the Madison County Municipality (New York, USA) paid attackers $28,000 to decrypt files.
  • In November, due to a ransomware attack on the San Francisco Municipal Transportation Agency, the authorities were forced to make public transport in the city free for a certain time.
  • In November, the ransomware encrypted about 33,000 files in the Howard County Municipality system (USA).
  • In December, the East Valley Community Health Center in the United States was attacked by a ransomware program, which affected the records of about 65 thousand people. They contained personal information, medical data and insurance data.

In order to minimize possible risks and protect against ransomware, Trend Micro recommends:

  • Back up data regularly. At the same time, create three copies, in two formats, one of the copies must be stored without access to the Network.
  • Regularly update the software used on devices.
  • Provide staff training covering phishing.
  • Restrict access to confidential information within the company.
  • Do not pay the ransom.
  • Use advanced information security solutions that include network monitoring, behavior analysis technologies, vulnerability protection, etc.