Years ago, this malware was hitting millions of personal devices worldwide. A gloomy pop-up would block your screen, announcing that all your files (and even your hard drive) have been encrypted. Only the hacker has the key to decrypt them again… in exchange for a crypto payment, of course. That’s ransomware, and now it’s mainly affecting institutions and companies.

According to Chainalysis, these attacks amassed $457 million in 2022. That's a decrease of 40% compared to 2021, but it's hardly good news. As more victims refuse to pay, ransomware attacks are becoming more vicious, targeted, and expensive. The average ransomware attack now costs over $1 million.

Besides, data exfiltration is now common: if the company/organization refuses to pay, the hackers may publish or sell their private data on the Darknet. As indicated by Blackfog, around 89% of all attacks involve data exfiltration. This is especially bad for companies, which can lose a lot of money with their secrets.

Institutions most targeted by ransomware in 2022. By Blackfog

So far, the most affected countries seem to be the United States, Canada, and the United Kingdom. At the same time, the data is mostly exfiltrated to China and Russia. According to Immunefi, around $70 million in ransomware payments were made in Bitcoin (BTC) in 2022. Other cryptocurrencies, like Ethereum (ETH), Monero (XMR), and several stablecoins were common as well.

To cash out the gains from ransomware attacks on institutions, the hackers use fake IDs in centralized exchanges like Binance or go to lesser-known and sanctioned platforms, such as Garantex.io. In theory, cryptocurrencies like Bitcoin can be traced, but that doesn't matter if the exchanges don't cooperate. Usually, hackers take refuge in jurisdictions where international sanctions are avoided, like North Korea, Iran, and Russia.

How institutions can protect against ransomware

It’s always important to keep the basic security measures: antivirus platform, data backups, official websites, and strong passwords. In addition, firms like Immunefi have made some additional recommendations.

  • Prepare a data recovery plan (and budget) in advance. In addition to the backups, there are also other companies offering cybersecurity insurance for these cases.
  • It's not advisable to pay the ransom. Cybercriminals may not keep their word at all and sell the data anyway. A white-hat hacker can be of great help, as well as sites like No More Ransom, where a group of experts publishes decryption tools for numerous ransomware variants.
Some ransomware variants decrypted in No More Ransom
  • Provide cybersecurity training to all employees. People are always the weakest link in the chain. When not trained, they can be easily deceived via mail or phone.
  • Besides the antivirus, other security systems could be useful too. AntiSpyware, Anti-Ransomware, Anti-Phishing, Intrusion Detection & Prevention Systems (IDPS), and Firewalls are some examples.

Government branches, schools, hospitals, and all kinds of brands are being targeted by this malware globally. It’s very important to take action now.


Wanna trade BTC, ETH, and other tokens? You can do it smoothly on Alfacash! And don't forget we're talking about this and many other things on our social media.


Author

I have been a literature professional in the crypto world since 2016. It may not seem very compatible, but since then I have been learning and teaching about blockchain and crypto for international portals. After hundreds of articles and varied content on the subject, you can now find me here at Alfacash, working for more decentralization.
