A new report by Immunefi has analyzed the top payments in response to ransomware attacks.
The largest ransomware payment — where an organization pays to have their software freed from a malware attack — was by CNA Financial. The Chicago-based firm paid $40m to a Russia-based hacker group.
Ransomware hijacks and encrypts software on a device or network, only relinquishing control when a ransom has been paid.
JBS, a global food company, was also hit by a ransomware attack from Russia. They paid a total of $11m. CWT, a travel group based in Minneapolis, and Brenntag, a chemical distribution company, paid around four and a half million dollars. A different strain of ransomware hit all the top four payments.
The top ten ransom payments amounted to nearly $70m in BTC, according to the report.
Large organizations are often prime targets for ransomware attacks. The disruption of their systems can devastate them, making them more prone to paying a ransom. The report also shows that many ransomware hacker groups originate from Russia or North Korea.
All of the ransomware attacks in the report were paid in Bitcoin, representing $69,316,140 in ransom payments. In the legacy banking system, wire transfers of such amounts would be challenging. This represents one of the downsides of Bitcoin’s decentralization, accessibility, and anonymity. Globally, Bitcoin accounts for 98% of all ransomware payments.
Victims Are Paying Less to Hacker Groups
However, a recent report by Chainalysis shows that victims of ransomware attacks are increasingly refusing to pay.
Speaking to BeInCrypto, Adrian Hetman, Tech Lead of the triaging team at Immunefi, says that the number of ransomware attacks has not fallen that much. “What has fallen is the number of payments that companies are making. We’ve seen a massive drop of ransomware payments since 2019. However, we may potentially see new strains of ransomware appearing in the wild, or the creation of new RaaS [Ransomware as a Service] services.
“It’s always a game of cat and mouse with cyber criminals, and it’s hard to predict how it will play out in the next 3-6 months since the ecosystem moves so quickly.”
There are a variety of ways to fight back against ransomware attacks. These include up-to-date antivirus software, vigilance against phishing attacks, and regular backup of crucial information.
BeInCrypto has reached out to company or individual involved in the story to get an official statement about the recent developments, but it has yet to hear back.