How Ransomware Attacks Are Forcing Big Payments From Cities, Counties

Somewhere, likely far from U.S. shores, cybercriminals are reaping handsome rewards by wielding malicious software called Ryuk to attack places as random as LaPorte County, Ind., and Lake City, Fla.

The two locales recently paid attackers about $132,000 and $462,000, respectively, mostly through insurers, to unlock government data after Ryuk attacks. The hackers also forced a six-figure bounty from a Georgia county earlier this year and have waged many more assaults on public- and private-sector victims, from California to upstate New York.

Ransomware is a form of cybercrime that involves locking up files and demanding bitcoin payments for the electronic keys. Ryuk, which first appeared last year, is on the leading edge of more targeted ransomware hacks that are calibrated to force big payments from overwhelmed victims.

Ryuk “was particularly insidious in that it jumped over all our firewalls and was able to penetrate backup servers,” said Vidya Kora, president of the LaPorte County Commission, after the county of 110,000 got hit this month.

Ryuk has fast become the most common form of ransomware, accounting for about 24% of attacks in the second quarter of this year, up from 18% in the first quarter, according to a survey of clients by Connecticut-based cybersecurity firm Coveware.

Some cybersecurity firms believe the Ryuk perpetrators are a small group operating inside Russia or a country nearby. Their strategy includes attacking bigger networks—rather than individual personal computers—and extracting far heftier ransoms compared with other types of ransomware.

“They’re going after big game rather than trying to shoot a bunch of squirrels,” said Adam Meyers, vice president of intelligence at cybersecurity firm CrowdStrike Inc. He said as recently as 2015, ransomware attackers often locked up single PCs and demanded payments of around $500.

https://www.wsj.com/articles/how-ransomware-attacks-are-forcing-big-payments-from-cities-counties-11564078222

And who has access to these sophisticated hacking tools?

Also, who is running out of access to the world's piggy bank?