What About GandCrab's $2 Billion? Ransomware Operators Pocketed Only $140 Million Over Six Years, FBI Calculates

Filip TRUȚĂ

March 03, 2020


Ryuk, Dharma, Bitpaymer, SamSam and other prominent ransomware strains have generated hundreds of millions of dollars for their authors, according to calculations by the FBI. Does that mean the GandCrab gang, which doesn't even make the FBI's list, was lying about pocketing $2 billion before closing shop? Well, not exactly.

Over the past three years, ransomware operators have been advancing their tools and techniques not only to evade detection, but also to wring the most profit out of an attack. One such innovation is the practice of stealing the victim's data and threatening to publish it online if payment is denied. As one would imagine, it works. In what is essentially a fully fledged data breach, ransomware that also threatens to publish stolen data is a scary affair. Most victims end up paying.

Counting every victim and every ransomware strain is difficult, but the most prolific incidents and ransomware families inevitably crop up over the years. The FBI recently decided to take a macro look and see the damage done by the most efficient and profitable ransomware strains. According to Joel DeCapua, a special agent in the bureau's global operations and targeting unit, the tally between January 2013 and July 2019 sits at $144.35 million. If the number strikes you as suspiciously low, you're not alone.

Speaking at the RSA Conference 2020, DeCapua said Ryuk took the lead with $61 million between February 2018 and October 2019 and Crysis/Dharma came in second at $24 million between November 2016 and November 2019. Third on the list was Bitpaymer, making $8 million between October 2017 and September 2019. SamSam, one of the most-used strains in attacks on healthcare institutions, allegedly made $6.9 million for its authors between 2016 and 2018.

$64 million of the total ransoms paid to cybercrooks is said to have passed through virtual currency exchanges before the bad guys cashed out. $37 million remains unspent, the agent said.

Avid cybersecurity news readers will probably notice something wrong with these figures – especially those keeping a close eye on the GandCrab gang in 2018 and 2019. When the infamous ransomware-as-a-service was retired, its authors claimed to have amassed $2 billion in payments from victims. Even if that number is inflated, it still should have beefed up the FBI's tally well beyond the half-a-billion mark. So why isn't the FBI mentioning GandCrab, arguably the most prolific ransomware strain in history?

According to ZDNet, the FBI only counted ransomware families that made demands in Bitcoin, cybercriminals' favorite digital currency. The GandCrab guys, as some readers may remember, demanded ransom in Dash, a cryptocurrency that had just made its debut in cybercrime as GandCrab was wreaking havoc. There are, of course, many other ransomware strains out there cashing in using many different altcoins, so the real bottom line in ransomware profits is arguably much higher.

DeCapua also disclosed to his RSA audience that attackers mostly favor brute-force attacks on poorly secured Remote Desktop Protocol (RDP) instances, trying out easy or common passwords until they get a match. And if RDP doesn't cut it, phishing always works like a charm to trick unsuspecting users into handing over login credentials.
