Tag Archives: ransomware

Ransomware Attacks

Ransomware is malware (malicious software) that uses encryption to hold a victim’s data for ransom. Important data is encrypted to block the owner’s access to files, databases, or software, and a ransom is then demanded in exchange for restoring that access. The most dangerous aspect of ransomware is how rapidly it can spread across a network and affect all of an organization’s databases and servers.

Cybercriminals make billions of dollars from ransomware, and businesses and governments pay a high cost in ransom, expenses and lost data.

Recent Ransomware Attacks

Companies and agencies including Colonial Pipeline, the Steamship Authority of Massachusetts, JBS (the world’s largest meatpacker), and the Metropolitan Police Department of Washington, DC were attacked in 2021. The attacks, and the ransom payments made to the hackers, caused shutdowns of critical infrastructure and the shortages that followed, higher costs of goods and services, halted operations and financial losses.

Attacks on the healthcare sector

In 2020, ransomware attacks cost the economy $20 billion in impacted revenue, lawsuits, and ransom paid, according to a new report. A total of 92 ransomware attacks hit more than 600 healthcare facilities in 2020.

Colonial Pipeline Attack

In April 2021, this attack had a significant impact on the US because of the pipeline’s critical role in the national infrastructure system. A major disruption in gas supplies caused an uproar on America’s east coast after system failures halted the flow of gas.

Brenntag Attack

Brenntag, a chemical marketing firm, was targeted by DarkSide in May 2021. The hackers stole 150GB of data, for which Brenntag paid $4.4 million (of the $7.5 million demanded).

Quanta Attack

In April 2021, the REvil gang demanded a $50 million ransom from computer manufacturer Quanta. Apple product blueprints obtained from Quanta were leaked, and the hackers threatened to expose more sensitive information and files.

Acer Attack

The REvil hacker group, which also targeted Travelex, a London-based foreign exchange firm, attacked Acer in May 2021. To date, the $50 million ransom is the largest ever recorded.

CNA Attack

A ransomware attack on CNA, a large insurance firm, occurred in March 2021. The hacker group targeted CNA’s network and encrypted 15,000 devices, many of which belonged to remote workers.

Rockets Attack

In April 2021, the hacker group Babuk was alleged to have compromised 500GB of private documents about the Houston Rockets from the National Basketball Association (NBA).

AXA Attack

The Avaddon gang struck European insurance company AXA in May, shortly after major changes to its insurance policies were made public.

How to Avoid Ransomware Attacks

Be prepared, to lessen the chances of an attack. Ensure you have anti-ransomware software installed on all of your computers. If you cannot tell that a link is safe, do not click on it.

Ransomware infections spread through malicious websites, software downloads, and spam mail. To avoid phishing, do not give out personal information. Never open an attachment from an unknown sender. Keep your software and operating system current.

Avoid downloading files from untrusted sources, and avoid using USB drives. Be cautious when using public WiFi networks, and use a VPN.

What to Do When You Are Attacked?

To begin, never pay a ransom to decrypt your files when you have no way to be sure you’ll get them back. Turn off your Wi-Fi and disconnect the machine from the network. Using a different device, investigate the attack online to find out the type of ransomware and any other information displayed on your screen, and take a picture of the screen as a record. Consult an expert about your system and notify the appropriate authorities about the attack. And to protect others from the attack, please report it to Bitcoin Who’s Who here: Report Bitcoin Ransomware

The Future of Bitcoin KYC

Free Bitcoin KYC
The addition of two Iranian SamSam ransomware bitcoin addresses to the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) list ushered in a new era in Know Your Customer, Counter Terrorist Financing and Anti-Money Laundering (KYC/CTF/AML) regulation compliance for bitcoin transactions. From now on, no one is allowed to transact with these two bitcoin addresses:

1AjZPMsnmpdK2Rv9KQNfMurTXinscVro9V
149w62rY42aZBox8fGcmqNsXUzSStKeq8C

It’s a significant first. For responsible crypto exchanges and bitcoin ATMs operating in this wild west legal environment, there are very few FREE KYC/CTF/AML compliance tools available. BitcoinWhosWho.com provides open-source data necessary to adhere to burgeoning global KYC/CTF/AML procedures involving bitcoin transactions.

  • Monitor OFAC List
    Prevent scam addresses from registering at an exchange.
  • Bitcoin Transaction Profiling
    Warn customers before they send bitcoin to an accused scammer.
  • Wallet Risk Assessment
    Mark wallets which have transacted with “scam” wallets to a higher degree of risk.
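The three checks above (list screening, pre-send warning, and raising the risk of wallets that transacted with listed wallets) can be combined into one screening routine. The following is an added example, not Bitcoin Who’s Who’s code: it uses the two OFAC-listed SamSam addresses quoted in this post, a constructed transaction set with placeholder wallet names, and an assumed three-hop exposure window.

```python
"""Added example (not Bitcoin Who's Who code): screen an address against a
sanctions list and raise the risk level of wallets that transacted with a
listed address, directly or within a few hops. The transaction set and the
wallet_* names are constructed for this demo; the two listed addresses are
the SamSam addresses named in the post."""
from collections import deque

# The two SamSam addresses the post cites as added to the OFAC list.
OFAC_LISTED = {
    "1AjZPMsnmpdK2Rv9KQNfMurTXinscVro9V",
    "149w62rY42aZBox8fGcmqNsXUzSStKeq8C",
}

# Constructed (sender, receiver) pairs; wallet_* are placeholders, not real addresses.
SAMPLE_TXS = [
    ("wallet_exchange_hot", "wallet_customer_1"),
    ("wallet_customer_1", "1AjZPMsnmpdK2Rv9KQNfMurTXinscVro9V"),
    ("wallet_customer_2", "wallet_customer_1"),
    ("wallet_customer_3", "wallet_merchant"),
]

def build_graph(txs):
    """Map each address to the set of counterparties it has transacted with."""
    graph = {}
    for a, b in txs:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph

def hops_to_listed(address, graph, listed=OFAC_LISTED, max_hops=3):
    """Fewest transactions separating address from any listed address (0 if it is
    listed itself); None when nothing listed is within max_hops (assumed window)."""
    if address in listed:
        return 0
    seen, queue = {address}, deque([(address, 0)])
    while queue:
        node, depth = queue.popleft()
        if depth >= max_hops:
            continue
        for nbr in graph.get(node, ()):
            if nbr in listed:
                return depth + 1
            if nbr not in seen:
                seen.add(nbr)
                queue.append((nbr, depth + 1))
    return None

def assess(address, graph):
    """Return (decision, reason): block listed addresses, warn a customer before
    dealing with a direct counterparty, queue further-removed exposure for review."""
    hops = hops_to_listed(address, graph)
    if hops == 0:
        return "block", "address is on the OFAC list"
    if hops == 1:
        return "warn", "direct counterparty of a listed address"
    if hops is not None:
        return "review", f"{hops} hops from a listed address"
    return "allow", "no known exposure"
```

An exchange would run assess() at registration and again before every withdrawal, since exposure can appear after onboarding.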


Bitcoin Ransomware Addresses

List of Bitcoin Ransomware Addresses


Bitcoin Ransomware Links

Evolution of Encrypting Ransomware

Ransomware Notes

WannaCry Ransomware Extorts 39 Payments Worth 6.49 BTC – DAY 1

WannaCry Ransom Note
UPDATE: WannaCry Ransomware Attack up to 14.08007493 BTC on 92 payments as of 11:30am ET May 13. Balances more than doubled in 12 hours.

Today’s widely reported WannaCry ransomware attack is extensive, growing and has already yielded ~USD$12k in profits according to a quick analysis of the BTC addresses involved. On May 12 the 3 bitcoin addresses known to be receiving extortion payments show receipt of 6.49372428 BTC in 39 separate transactions, with ransoms ranging from 0.15 to 0.30 BTC each. None of the balances have been moved to new bitcoin addresses since receipt.

The WannaCry Ransomware Bitcoin Addresses

Bitcoin Ransomware Attacks

This is a list of bitcoin ransomware attacks which I will be updating periodically as more become public.

Last Updated 11-June-2016

| Date       | Amount Paid (USD, or BTC where noted) | Target          | City               | Country | Virus Name               | Source              |
|------------|---------------------------------------|-----------------|--------------------|---------|--------------------------|---------------------|
| 6/29/2016  | 500                                   | Sports Team     |                    | USA     |                          | vocativ.com         |
| 6/7/2016   | 20,000                                | University      | Calgary, OT        | CA      |                          | cbc.ca              |
| 4/25/2016  | NA                                    | Utility         | Lansing, MI        | USA     |                          | theregister.co.uk   |
| 4/1/2016   | 750                                   | Fire Department | Snoqualmie, WA     | USA     | CryptoLocker “Locky”     | eastofseattle.news  |
| 3/1/2016   | Pending (4 BTC)                       | Hospital        | Henderson, KY      | USA     | CryptoLocker “Locky”     | livebitcoinnews.com |
| 3/1/2016   | Pending                               | Hospital        | Baltimore, MD      | USA     | Samsam aka MSIL or Samas | baltimoresun.com    |
| 2/1/2016   | 17,000                                | Hospital        | Los Angeles, CA    | USA     | CryptoLocker “Locky”     | wired.com           |
| 2/1/2016   | 450                                   | Police Station  | Melrose, MA        | USA     |                          | ibtimes.co.uk       |
| 12/10/2015 | 500                                   | Retail Store    | Calgary, OT        | CA      |                          | cbc.ca              |
| 10/1/2015  | 572                                   | Sheriff Office  | Dickson County, TN | USA     |                          | bostonglobe.com     |
| 4/1/2015   | 500                                   | Police Station  | Tewksbury, MA      | USA     | KEYHolder                | bostonglobe.com     |
| 1/1/2015   | 500                                   | Police Station  | Midlothian, IL     | USA     |                          | bostonglobe.com     |
| 11/1/2013  | 750                                   | Police Station  | Swansea, MA        | USA     | CryptoLocker “Locky”     | bostonglobe.com     |

From pymnts.com

In 2015, the FBI received roughly 2,453 complaints related to ransomware malware attacks, which amounted to $24.1 million in losses for victims.

Related from The Merkle 11-June-2016
Cisco Ransomware Tool Can Now Decrypt All Versions of TeslaCrypt