Federal Bureau of Investigation (FBI) was one of the attendees at the RSA 2020 conference which covers security and is attended by big companies like IBM and AT&T. This year, the conference lacked involvement from major tech giants due to the Coronavirus outbreak but FBI and others attended the event to talk about customer security. At the event, FBI released an interesting stat which claims that ransomware victims have paid over $140 million to the attackers in the last 6 years. The agency arrived at the number by analyzing bitcoin wallets and ransom notes.
FBI Special Agent Joel DeCapua presented his findings in two sessions explaining how he analyzed bitcoin wallets to arrive at the number. According to DeCapua, between October 2013 and November 2019, approximately $144,350,000 was paid in bitcoins to ransomware attackers. The most profitable ransomware was Ryuk which brought $61.26m. Ryuk was then followed by Crysis/Dharma at $24.48m and Bitpaymer at $8.04m. FBI noted that the ransom amounts could be higher as they don’t have the full data available. Most companies try and hide these details to prevent negative press and hurt their stock prices. DeCapua also revealed that Windows Remote Desktop Protocol (RDP) is the most common method used by attackers to gain access to the victim’s PC.
Recommendations from the FBI
RDP accounts for 70-80% of all network breaches which is why he recommended organizations use Network Level Authentication (NLA) for additional protection. DeCapua also suggested organizations to use complex passwords on their RDP accounts. He also recommended organizations to monitor updates and install updates for both apps and OS as soon as possible. It is very common for researchers to publish Proof-of-concept after a vulnerability is fixes so any bad actor can use it to attack a system that hasn’t been updated. Lastly, he stretched on the importance of identifying phishing websites and making sure they have data backups to prevent falling victim to a ransomware attack.