Top 5 ransomware operators by income


Jack Cable, a security architect at Krebs Stamos Group and a former U.S. Cybersecurity and Infrastructure Security Agency worker, has started a ransomware payments tracking site called Ransomwhere.

Because bitcoin transactions are public, you can see—if you look—who’s getting paid how much.

Ransomwhe.re keeps a running tally of ransoms paid based on anonymous self-reporting by the victims of ransomware. The full database is available for free to researchers and law enforcement.

So, who’s getting the most ransom money? As of the writing of this script, here are the top five.

  1. $12.7 million in bitcoin to Conti. The group behind Conti may be the same organization behind the Ryuk ransomware. The attack against Ireland’s Health Service is attributed to Conti.
  2. $12.1 million in bitcoin to REvil/Sodinokibi. They’re not the only ones that offer ransomware as a service, but they were one of the most successful at it. Their highest-profile attack was against the Kaseya desktop management service, but they also attacked the U.S. military contractor HX5. However, on July 13, 2021, REvil infrastructure shut down.
  3. $4.6 million in bitcoin to Darkside. The attack against the Colonial Pipeline system is attributed to Darkside as is an attack against Toshiba. Its malware shares a lot of code with REvil’s. On May 14, 2021, Darkside announced it had lost access to its payment server, blog and funds.
  4. $4.5 million in bitcoin to RagnarLocker. This group has been around since 2019. It has been used against Portugal’s Energy Utility, the gaming company Capcom and more recently, DRAM and NAND flash maker ADATA.
  5. $4.2 million in bitcoin to MountLocker. This ransomware effort has been recently updated to better evade security. It’s been used more often against biotech companies recently. Customized versions of MountLocker from Astro Locker and XingLocker are also out there.

It’s not reassuring to see the large amount of money going to ransomware, but if you need help making the case for why it’s important to prepare for it, maybe this helps. And the data itself is useful for getting a handle on what threats are out there.
