The Federal Bureau of Investigation (FBI) was one of the participants in the RSA 2020 conference, which was attended by big companies such as IBM and AT&T. This year, the conference lacked the involvement of major technology giants due to an outbreak of the coronavirus, but the FBI still sent personnel to participate in security-related activities. During the event, the FBI released an interesting statistic: ransomware victims have paid attackers more than $140 million over the past six years. The agency calculated this figure by analyzing Bitcoin wallets and ransoms.
FBI Agent Joel DeCapua presented his findings at two sessions, explaining how he analyzed Bitcoin wallets to arrive at the numbers. According to DeCapua, between October 2013 and November 2019, victims paid about $144,350,000 in bitcoins to ransomware attackers.
The most profitable ransomware was Ryuk, which brought in $61.26 million in “profits”. Ryuk was followed by Crysis/Dharma with revenue of $24.48 million and Bitpaymer at $8.04 million.
The FBI says the total ransom paid may be higher because it has no access to complete data. Most companies try to hide these details to prevent negative news coverage and damage to their share prices. DeCapua also revealed that the Windows Remote Desktop Protocol (RDP) is the most common method attackers use to access a victim’s computer.
The advice of the FBI
Given that RDP is the entry point for as many as 70-80% of victims, the FBI recommends that organizations use Network Level Authentication (NLA) to provide additional protection. Technicians also recommend that organizations use complex passwords on their RDP accounts and check for updates so that the latest versions of applications and the operating system are installed as soon as possible. Researchers typically post proof-of-concept code after a vulnerability is fixed, so any bad actor can use it to attack systems that have not been updated.
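The NLA recommendation can be checked on a Windows host with a read-only registry audit. The following is an added example, not code from the FBI or from this article; the function name `Get-RdpHardeningStatus` is hypothetical, and the registry locations are the standard Terminal Services listener and Group Policy keys.

```powershell
# Added example: read-only audit of the local RDP listener configuration.
# Get-RdpHardeningStatus is a hypothetical name; nothing is modified.
function Get-RdpHardeningStatus {
    $ts     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcp    = "$ts\WinStations\RDP-Tcp"
    $policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

    # Return a registry value, or $null when the key or value is absent.
    function Read-Value($Path, $Name) {
        $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { $item.$Name } else { $null }
    }

    # A Group Policy value, when present, overrides the local setting.
    function Read-Effective($LocalPath, $Name) {
        $value = Read-Value $policy $Name
        if ($null -eq $value) { $value = Read-Value $LocalPath $Name }
        $value
    }

    $deny = Read-Effective $ts  'fDenyTSConnections'   # 0 = RDP connections allowed
    $nla  = Read-Effective $tcp 'UserAuthentication'   # 1 = NLA required
    $sec  = Read-Effective $tcp 'SecurityLayer'        # 0 = RDP, 1 = negotiate, 2 = TLS
    $port = Read-Value     $tcp 'PortNumber'

    $enabled  = ($deny -eq 0)
    $findings = @()
    if ($enabled -and $nla -ne 1) {
        $findings += 'RDP is enabled but NLA is not required (UserAuthentication is not 1).'
    }
    if ($enabled -and $sec -eq 0) {
        $findings += 'SecurityLayer is 0 (legacy RDP security); NLA needs 1 or 2.'
    }

    [pscustomobject]@{
        RdpEnabled    = $enabled
        NlaRequired   = ($nla -eq 1)
        SecurityLayer = $sec
        Port          = $port
        Findings      = $findings
    }
}

Get-RdpHardeningStatus | Format-List
```

An empty `Findings` list on a host with `RdpEnabled` set to true means the listener requires NLA; password strength and patch level still have to be verified separately.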
Finally, the FBI emphasized the importance of identifying phishing websites and of keeping data backups so that organizations do not become victims of ransomware attacks.