Petroleum distributor Colonial Pipeline, meat supplier JBS, and IT service provider Kaseya have all been in headlines not for stellar business performance but because they have been victims of crippling ransomware attacks. The site depends primarily upon ransomware victims and cybersecurity pros to submit data, which is then collated with the ransomware gang associated with the demand and the bitcoin wallet the attacker supplied for payment so payments can be tracked once they have been made, Cable says. Half of 2021 has already blown past and yet again ransomware has dominated infosec headlines. It also offers links to relevant news reports. The site lists information on 2,508 incidents, including the ransomware family, date of attack, bitcoin ransom paid, wallet address and hash. "While I am not currently connecting payments to specific attacks, I may in the future add links to publicly reported attacks," Cable says. In the meantime, some payments can be traced to a specific attack. Ransomware victims are not listed on the site, but Cable says he might eventually include this information. Overall, Netwalker, Ryuk, RagnarLocker, SynAck and REvil/Sodinokibi have received the most payments, according to the statistics posted to the site so far. The site also lists payments by week, month and year.
Latest ransomware payment transactions as tracked by Ransomwhere
The new Ransomwhere site includes data on total payments, latest transactions and latest reports of attacks. No one knows the real impact, so it's hard to know if actions change that impact or not. - Katie Nickels
Tallying Up Payments
Seriously, though, I think this is a huge part of the problem, especially around the ransomware ecosystem, but for cybercrime in general.
"Furthermore, this data may be of use on the law enforcement side: As we saw with the Colonial Pipeline hack, law enforcement does have the ability to recover some payments, so it would be great if Ransomwhere can further aid their efforts." Cable says he was inspired to create Ransomwhere by a tweet posted by Katie Nickels, director of intel at Red Canary, who on June 8 said the overall impact of cybercrime is essentially unknown. Ransomwhere can help fill that gap," Cable says. "As we consider policy proposals to change the state of ransomware economics, we will need data to assess whether these actions are successful. Without such data, we can't know the full impact of ransomware and whether taking certain actions changes the picture." Cable hopes the website will call attention to the size of the ransomware problem. The researcher added: "Today, there's no comprehensive public data on the total number of ransomware payments. "And it's crowdsourced, so anyone can submit reports of ransomware they've been infected with or otherwise observed. It's public, so anyone can view and download the data," Cable wrote on Twitter. "Ransomwhere aims to fill that gap by tracking bitcoin transactions associated with ransomware groups.
Independent Effort
Cable says he created Ransomwhere on his own; it's not connected with his employer, Krebs Stamos Group. The numbers loaded so far represent a preliminary sampling of ransoms paid, based on information gathered from victims and cybersecurity pros and tracked in publicly viewable bitcoin transactions, Cable says. As of Monday, it listed more than $60 million in ransoms paid in 2,500 incidents dating back to 2015. Jack Cable, a security architect at the Krebs Stamos Group, announced the site Thursday.
The new Ransomwhere site attempts to compare ransoms gained by various ransomware gangs.
A white-hat hacker has created a crowdsourced website, Ransomwhere, dedicated to tracking payments made to ransomware gangs to help create a better understanding of the cybercriminal ecosystem.