Top 5 ransomware operators by income
Jack Cable is a security architect at Krebs Stamos and formerly worked for the U.S. Cybersecurity and Infrastructure Security Agency. He has created a ransomware tracking site to track ransomware payments.
Bitcoin transactions can be viewed publicly so you can see who’s being paid and how much.
The site maintains a running count of ransoms paid, based on anonymous self-reporting by ransomware victims. Researchers and law enforcement can access the entire database for free.
Who is getting the most ransom? These are the top five ransom-collecting actors as of the writing of this script.
- $12.7 million in bitcoin to Conti. Conti may be the same group behind the Ryuk ransomware. Conti is responsible for the attack on Ireland’s Health Service.
- $12.1 million in bitcoin to REvil/Sodinokibi. They attacked the Kaseya desktop administration service. However, they also attacked HX5, the U.S. military contractor. REvil infrastructure was shut down on July 13, 2021.
- $4.6 million in bitcoin to DarkSide. An attack on the Colonial Pipeline is attributed to DarkSide, as well as an attack against Toshiba. Its malware shares many code similarities with REvil’s. DarkSide announced that it lost access to its blog, payment server, and funds on May 14, 2021.
- RagnarLocker has received $4.5 million in bitcoin. It was used against Portugal’s Energy Utility and the gaming company Capcom, as well as ADATA, which is a DRAM/NAND flash maker.
- MountLocker received $4.2 million in bitcoin. This ransomware has been increasingly used against biotech companies in recent years. There are also customized versions of MountLocker available from Astro Locker or XingLocker.
Although it is not comforting to see so much money being spent on ransomware, it can help you make the case for why it is important to be prepared. The data helps identify the threats.