A ransomware organization has raked in tens of millions of dollars, according to a report.
The organization, identified as group “One,” walked away with 2,200 Bitcoin, according to a report by Vitali Kremez, CEO at Advanced Intelligence, a cybersecurity firm. That’s more than $33 million based on the current Bitcoin exchange rate.
The report was first cited by cybersecurity news site Bleeping Computer.
In a textbook ransomware attack, the attacker locks critical files and then provides instructions on how to unlock the files — provided that the victim pays. Recently, in some cases, criminals also threaten to expose sensitive files.
According to Kremez’s profile of the organization, the Ryuk “One” group reaps an average payment of 48 Bitcoin, or close to $740,000, per attack and has pulled in over $150 million since 2018 at current Bitcoin exchange rates.
The profile also describes the group as a “tough negotiator” that shows “rare leniency,” and says it originates from Russian-speaking Eastern Europe and targets technology, healthcare, energy and financial services.
The group’s multi-stage attack in this case involved finding available hosts on the network, stealing credentials, then deploying Ryuk ransomware, according to Bleeping Computer.
The Ryuk strain of ransomware has been on a tear, attacking 20 organizations per week, an October report from security specialist Check Point says.
There has been an almost twofold increase in the percentage of healthcare organizations affected by ransomware globally from the second quarter of this year to the third quarter, Check Point said, adding that the healthcare industry is the number one target in the U.S.
“The current pandemic has forced organizations to make rapid changes to their business structures, often leaving gaps in their IT systems. These gaps have given cybercriminals the opportunity to exploit security flaws and infiltrate an organization’s network,” Check Point said in its report.
Hackers often lock up hundreds of thousands of files, taking whole networks hostage.
“In some cases, organizations simply prefer to pay the price instead of dealing with encrypted files and recovering their IT systems. This creates a vicious cycle – the more these types of attacks succeed the more frequently they occur,” Check Point said.