6 billion records hacked in 2017 so far; ransomware victims paid $25 million

With every passing day, hackers and cyber criminals are becoming more sophisticated in their attacks. Resultantly, they are getting their hands on highly critical and sensitive data from almost every institution around the world.

According to a mid-year report by Risk Based Security (RBS), a Richmond Virginia based company who keeps an eye on data breaches, there have been 2,227 incidents of data breaches as of June 2017 allowing hackers to steal 6 billion records.

This means that in last six months hackers have stolen more data than the total number of medical and financial records stolen in the whole of 2016.

According to Executive Vice President for Risk Based Security Inga Goddijn, “It is stunning to see the steady increase in the number of breaches impacting one million or more records. In the first six months of 2013, 2014 and 2015, the number of these large breaches hovered in the mid-teens. Last year we saw that number jump to 28, and now, for the first six months of this year, we’re tracking 50 such incidents.”

The report further states that hackers are increasingly using phishing techniques against US citizens to steal employment and tax related data. In 2016 around 160 phishing attacks were responsible for stealing W-2 information (wage and salary information for employees). However, things have gone worse in the first six months of 2017 since there has been a 25% increase in these attacks.

“While news of politically motivated foreign interference in election systems continues to dominate the headlines, the breach activity we are tracking this year is a stark reminder of just how many data compromise financial gain motivates incidents. As long as information can be quickly monetized and systems remain vulnerable to attack, we should not expect to see any slowdown in breach activity,” said Goddijn.

Ransomware victims have paid $25 million to cyber criminals

It is a fact that there has been a sudden surge in ransomware attacks against unsuspecting users, educational institutions, government bodies businesses, medical centers, and hospitals. The WannaCry ransomware and Petya wiper malware attack are the best example of the increasing ransomware campaigns.

In a separate study conducted by researchers from University of California San Diego, New York University Tandon School of Engineering, Chainalysis, and Google have found out that victims are paying a massive amount of ransom to cyber criminals.

In their study, researchers analyzed 34 families of ransomware discovering that only a few of them have made a lot of profit. One of them was Locky that earned $8.85 million and was the “patient zero” of this recent problem.

Locky was one of the first and most sophisticated ransomware programs which targeted users and kept its encryption and payment system separate from the groups spreading the malware. This allowed the ransomware to spread faster around the world.

NYU professor Damon McCoy told The Verge that  Locky’s big advantage was the decoupling of the people who maintain the ransomware from the people who are infecting machines. “Locky just focused on building the malware and support infrastructure. Then they had other botnets spread and distribute the malware, which was much better at that end of the business.”

Other ransomware programs like Cerber and CryptXXX followed the same pattern and made $6.9 million and $1.9 million respectively the report reveals.

It was three months ago when Samyntec, a cyber security giant reported that not only Americans are number one target of ransomware attacks but also most likely to pay ransom to cyber criminals.

A targeted user pays ransom due to lack of knowledge of ransomware decryption programs. Also, there’s not much out there for a layman to go through to decrypt their data without the help of a specialist which is not easy to get in touch with. Most importantly, FBI encourages users to pay ransom whenever their system is infected with a ransomware malware.

However, it is highly advised not to pay ransom to cyber criminals and don’t feed them. Last year, cyber security giants started No More Ransomware initiative aiming at unlocking and decrypting user data for absolutely free. 

In case you are looking for how one can prevent the growing issue of ransomware following this link.

Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.