Share

Biggest ransomware payouts so far

Ransomware is a nightmare to victims and a godsend to cyber criminals. It makes people cough up money for regaining access to data that belongs to them in the first place, no matter how cynical it may sound. This filthy business model is thriving due to a huge margin between the ransoms paid by victims and the cost of botnet-borne malicious spam that spawns the majority of these harmful payloads.

It doesn’t take a genius to understand that businesses pose a bigger lure for extortionists than home users. By taking a large computer network’s proprietary records hostage in one hit, crooks can negotiate from a position of strength and demand heftier amounts of money. No wonder ransomware attacks against companies, educational establishments, healthcare institutions and even police departments are regularly hitting the headlines. Below are highlights of the biggest reported ransoms paid to date.

1. Minus $1,600 for Austrian hotel

Romantik Seehotel Jaegerwirt, a 4-star hotel based in Austria, had to follow extortionists’ instructions to let their guests into their rooms. This ransomware attack, which is reminiscent of a science fiction plot, took place on January 28, 2017. The crypto infection locked down the hotel’s entire computer network, including the electronic key, cash desk, and reservation systems. Interestingly, it was reportedly the third attempt to attack this particular hotel – a successful one this time. At the end of the day, the administration was able to restore the affected services by paying €1,500 (about $1,600) worth of Bitcoin to the felons.

2. The University of Calgary submits $14,700 to crooks

A persistent crypto infection compromised the University of Calgary, Canada, on June 7, 2016. The perpetrating program affected staff and faculty email services. The malefactors dropped ransom notes on the institution’s servers, asking for 20,000 CAD (Canadian Dollars) in exchange for the decryption key. This sum is equivalent to approximately $14,700. Ultimately, to move on with their academic work, the university paid up.

3. LA hospital loses $17,000 in a ransomware incident

In a despicable move, online extortionists attacked Los Angeles-based Hollywood Presbyterian Medical Center on February 5, 2016. The ransomware infection rendered the electronic medical record system inaccessible to personnel. The hospital’s normal operation, therefore, was seriously disrupted in the aftermath of this compromise.

Confronted with such a predicament, HPMC administration decided to pay the demanded 40 Bitcoins, which at the time was equivalent to about $17,000, to get the systems up and running. By the way, as of April 2017, this amount of cryptocurrency is worth approximately $52,000.

4. Madison County ends up paying $21,000

Another high-profile ransomware attack hit the administration of Madison County, Indiana. The incident took root on November 4, 2016. An unidentified strain of file-encrypting malware crippled a total of 600 machines and 75 servers, locking county employees out of work emails and documents. Fortunately, 911 emergency services were not affected.

Officials decided to meet the attackers’ demands and submitted $21,000 to restore hostage data. On top of that, County administration paid almost $200,000 to contractors in order to harden the network’s cyber defenses through offsite data storage and firewall protection.

5. LA college forced to pay $28,000

Los Angeles Valley College fell victim to an aggressive ransom Trojan in early January 2017. The infection encrypted data on LAVC’s entire computer network and thus prevented 1,800 college staff and 20,000 students from accessing emails, voicemail, spreadsheets, lesson plans, and the official website.

The attacker left a ransom note on one of the affected servers, threatening the administration to permanently delete the private decryption key unless a ransom was paid within seven days. Having weighed up the odds, the LA Community College District chose to submit a whopping $28,000 worth of Bitcoin to the threat actors.

Bottom line

The above information is based on publicly available official reports. It’s quite likely, though, that there have been even bigger payouts that never reached the headlines. The reason for not disclosing such details is obvious – company officials who elect to submit large ransoms wish to avoid reputational risks and possible legal issues. One way or another, the digital extortion quandary wouldn’t be nearly as acute if every organization had a viable data backup strategy in place.

Author’s Bio

David Balaban is a computer security researcher with over 15 years of experience in malware analysis and antivirus software evaluation. David runs the Privacy-PC.com project which presents expert opinions on the contemporary information security matters, including social engineering, penetration testing, threat intelligence, online privacy and white hat hacking.

Comment this news or article