When zombie malware leads to big-money ransomware attacks



The first thing people want to know when there’s a new ransomware story going around is: How much are the crooks asking for this time?

Sadly, that is one question that victims themselves don’t need to ask, because the blackmailers who just attacked them will make jolly sure they know the “price”.

In one recent and confronting story, an educational establishment in Scotland was confronted with an extortion demand for a surprisingly specific sum of money.

This turned out to be the crooks boasting just how much they knew about the college they were attacking – it exactly matched the amount in the college’s bank account, which was the entire budget for the next 12 months. (The college refused to do a deal, so the crooks ended up with £0.)

But a much more important question, for ransomware victims and wide-eyed bystanders alike, is: How did the ransomware get in?

Indeed, that is probably the most important question of all, on the grounds that the crooks already know how they did it, having done it once already, so if you don’t figure it out, the crooks can come back and do it all over again.

Or a second bunch of crooks might figure it out for themselves, or buy the information from the crooks who were there before, and get in that way.

In 2020, we conducted a survey of IT managers in 5000 companies in 26 different countries and asked about ransomware attacks. Just over half of them (51%) revealed that they had been the victims of ransomware in the previous year. As if that weren’t dramatic enough, 40% of those victims admitted they had been hit twice or more – in other words, where crooks had got in once, either those same crooks or others had got back in later to repeat the crime. (A tiny silver lining in this survey was that of the 94% of the victims who recovered their data, about three-quarters managed to do so without paying extortion money to the criminals. Interestingly, those who paid up spent an average of just under $1.5M each, including the ransom, to get going again. Those who recovered on their own spent an average of just under $750k.)