Years ago, this malware was hitting millions of personal devices worldwide. A gloomy pop-up would block your screen, announcing that all your files (and even your hard drive) had been encrypted. Only the hacker has the key to decrypt them again… in exchange for a crypto payment, of course. That’s ransomware, and now it mainly affects institutions and companies.

According to Chainalysis, these attacks amassed $457 million in 2022. That’s a decrease of 40% compared to 2021, but it’s hardly good news. As more victims refuse to pay, ransomware attacks are becoming more vicious, targeted, and expensive. The average ransomware attack now costs over $1 million.

Besides, data exfiltration is now common: if the company or organization refuses to pay, the hackers may publish or sell its private data on the Darknet. As indicated by Blackfog, around 89% of all attacks involve data exfiltration. This is especially bad for companies, which can lose a lot of money when their secrets are exposed.

Institutions most targeted by ransomware in 2022. By Blackfog

So far, the most affected countries seem to be the United States, Canada, and the United Kingdom. At the same time, the data is mostly exfiltrated to China and Russia. According to Immunefi, around $70 million in ransomware payments were made in Bitcoin (BTC) in 2022. Other cryptocurrencies, like Ethereum (ETH), Monero (XMR), and several stablecoins, were common as well.

To cash out the proceeds of ransomware attacks on institutions, the hackers use fake IDs on centralized exchanges like Binance or go to lesser-known and sanctioned platforms, such as Garantex.io. In theory, cryptocurrencies like Bitcoin can be traced, but that doesn’t matter if the exchanges don’t cooperate. Usually, hackers take refuge in jurisdictions where international sanctions are avoided, like North Korea, Iran, and Russia.

How institutions can protect against ransomware

It’s always important to maintain the basic security measures: an antivirus platform, data backups, official websites, and strong passwords. Beyond these, firms like Immunefi have made some additional recommendations.

  • Prepare a data recovery plan (and budget) in advance. In addition to backups, some companies also offer cybersecurity insurance for these cases.
  • It’s not advisable to pay the ransom. Cybercriminals may not keep their word at all and may sell the data anyway. A white-hat hacker can be of great help, as well as sites like No More Ransom, where a group of experts publishes decryption tools for numerous ransomware variants.
Some ransomware variants decrypted in No More Ransom
  • Provide cybersecurity training to all employees. People are always the weakest link in the chain. When not trained, they can easily be deceived via mail or phone.
  • Besides the antivirus, other security systems can be useful too. Anti-spyware, anti-ransomware, anti-phishing, Intrusion Detection & Prevention Systems (IDPS), and firewalls are some examples.

Government branches, schools, hospitals, and all kinds of brands are being targeted by this malware globally. It’s very important to take action now.



Author

I've been a literature professional in the crypto world since 2016. It doesn't sound very compatible, but I've been learning and teaching about blockchain and cryptos for international portals since then. After hundreds of articles and diverse content about the topic, now you can find me here on Alfacash, working for more decentralization.
