This Year in Ransomware Payouts (2019 Edition)
Quote:

What Were the Biggest Ransomware Payments? Which Organizations Paid the Ransom?

Even though 2017 still remains the year when we saw the ransomware pandemic at its peak, cybercriminals will not stop these attacks on individuals and businesses anytime soon. Unfortunately, ransomware attacks continued to make headlines this year as well. So, in this article, I’m going to look at the highest ransomware payouts of 2019, what organizations paid the ransom, and explain why it’s never a good idea to pay.

But first of all, let’s start with some mind-blowing ransomware statistics from 2019.

Ransomware statistics in 2019

Here are the most shocking ransomware facts coming from 2019 alone:

* Two-thirds of ransomware attacks targeted state and local governments.
* 55% of SMBs from the US would pay hackers to recover their stolen data in ransomware attacks.
* Over 500 US schools were affected by ransomware attacks in 2019.
* Almost 70 US government organizations were infected with ransomware since January 2019.
* A total of 140 US local governments, police stations, and hospitals have been infected with ransomware.
* In the third quarter of 2019, the average ransomware payout increased to $41,000.

The most significant ransomware payouts of 2019

In the best-case scenario, victims of ransomware could simply wipe their systems and recover their data from offline backups. However, some organizations don’t keep any backups at all. Or worse, even if they do have copies of their data, sometimes they also end up being locked up by cybercriminals.

There are times when ransomware victims can decrypt their files with free ransomware decryption tools but sadly, there isn’t a decryptor available for all the ransomware strains out there. This sometimes leads to companies paying the ransom, being desperate to get their business back up and running.

Without further ado, below you will find the most significant ransomware payouts of 2019.

#6. Park DuValle Community Health Center, Kentucky, USA

June 2019

Amount paid: $70,000


In June 2019, Park DuValle Community Health Center had the medical records of almost 20,000 patients encrypted by ransomware and ended up paying the $70,000 ransom. The attack had left them locked out of their system for almost two months, impacting the health center’s medical records system and appointment scheduling tool.

For seven weeks, they had to record the patients’ information on pen and paper and ask them to speak from memory about their past treatments. The health care center basically had to operate on a walk-in basis since they were not able to schedule appointments or view any data.

“This is everything. This is medical records, contact information, insurance information, anything about a patient…everything is gone,” said Elizabeth Ann Hagan-Grigsby, CEO of Park DuValle. “The records involved are for past and present patients,” she continued.

This was the second time during the same year that Park DuValle was impacted by a ransomware attack. Back in April 2019, their systems had been locked down for about three weeks. This time, they had their data backed up, so they did not pay the ransom. However, the second time, they were unable to recover their data from the backups, so they decided to pay the ransom to restore it.

The amount was paid in 6 bitcoins (the equivalent of $70,000). Cybercriminals provided the encryption keys and Park DuValle was able to recover its data.

#5. Stratford City, Ontario, Canada

April 2019

Amount paid: $71,000


In April of this year, the City of Stratford also became a victim of a ransomware attack and chose to pay the ransom. According to the story published on Cybersecurity Insiders, the malware was installed on six of their servers on a physical note, that encrypted two virtual servers as well, leaving their sensitive data locked down.

Even though they received warnings from officials, they paid 10 bitcoins, which at the time of attack meant roughly $71,000. The security company they contacted was not able to recover their data and was only involved in forensics. Consequently, the city negotiated the price that needed to be paid for their information to become available again. Their cyber insurance covered $15,000 of the ransom.

It seems that no personally identifiable information data was compromised and revealed in this ransomware incident.

#4. La Porte County, Indiana, USA

July 2019

Amount paid: $130,000


Another victim of the Ryuk ransomware, La Porte County, Indiana, paid $130,000 to recover their data.

The attack happened on July 6 and was noticed right before it managed to spread to all of the network’s computers. The IT staff confined it to less than 7% of machines; however, two domain controllers were impacted and thus network services became unavailable.

According to the source, the FBI and a forensic investigation firm attempted to recover the data without paying the ransom, but their efforts proved to be unsuccessful. $100,000 out of the $130,000 payment demand was covered by insurance.

Apparently, the county did have backup servers in place; however, they became infected by ransomware as well.

The ransomware that affected La Porte County’s systems is allegedly Ryuk, the same strain that affected Lake City. It was called a “triple threat” because it originated from an Emotet infection that delivered the Trickbot trojan, which then launched Ryuk.
...