An FBI report released Tuesday said that ransomware infections caused more than $1.6 million in losses last year for individuals and businesses, even before experts began sounding the alarm over a cyber epidemic whose latest victims include yet another medical center following a slew of hacks affecting hospitals coast to coast.
The FBI’s Internet Crime Complaint Center, IC3, said in an annual report published this week that it received 2,453 complaints during the last calendar year concerning ransomware — a type of malware that allows hackers to take hold of an infected computer’s contents, usually until a victim agrees to pay a fee.
All told, criminal cyber activity ranging from hacktivist attacks to credit card fraud resulted in the IC3 receiving 288,012 complaints last year totaling more than $1.07 billion in reported losses. Of that sum, ransomware resulted in $1,620,814 in adjusted losses during the last calendar year, the report concluded.
Although the 236-page report indicates ransomware was nowhere near as prevalent as some other cyber-schemes during 2015, statistics suggest criminals are capitalizing more than ever off of the money-making scam. The IC3 only began making mention of ransomware in its 2012 report, and previously said it was aware of 1,402 ransomware victims during the second half of 2014, the likes of which was said to have resulted in roughly $490,000 in losses, or less than one-third of what last year’s infections yielded.
As Motherboard reported Wednesday, however, the IC3’s statistics only take into account instances where ransomware victims went to the authorities, and overwhelmingly elate to domestic incidents. Cybersecurity firm Kaspersky said previously that it spotted 179,209 computers in 2015 that had been infected with ransomware, and CNN said in April that the cost of those infections had amounted to $24 million.
In February, Hollywood Presbyterian Medical Center made headlines when the Los Angeles-area hospital announced that it had paid thousands of dollars to recover computer files that had been seized as the result of ransomware. MedStar Health Inc. shuttered computer networks at 10 hospitals and 250 outpatient centers across the greater Washington, D.C. region after becoming similarly infected in March, and in April the FBI released its second ransomware warning in four months.
Most recently, the president of Kansas Heart Hospital announced this week that it recently paid “a small amount” to ransomware perpetrators, only for the attackers to respond by asking for more.
ThreatTrack Security, a Florida-based firm, plans to release a report next week after interviewing 250 security professionals from the U.S. and determining nearly one-in-three are willing to pay ransom to recover their data. With regards to organizations that have already fallen victim to “cyberextortionists,” the report will say that more than half would likely pay a second ransom.
“Victims are faced with the choice of paying up or losing all their valuable data forever. Unfortunately, this approach works for cybercriminals, because consumers and businesses are unprepared for their data – whether it’s a business’ intellectual property or family photos – to be taken from them with no hope of retrieval unless they pay,” said Usman Choudhary, ThreatTrack’s chief product officer.
“Understandably, nearly 1 in 3 security professionals at companies say they’d be willing to pay for the safe recovery of stolen or encrypted data, and that number jumps to 55 percent at organizations that have already been targeted. Meanwhile, your average home user feels as if they have no choice but to pay,” he said in a statement.
Scams in which goods and services are shipped and payment is never rendered, and vice versa, ranked first nationally with respect to the number of victims, according to the IC3 report. In terms of financial damages, meanwhile, “Business Email Compromise” scams in which fraudsters use social engineering and hacking techniques to infiltrate legitimate business accounts ranked first with $246,226,016 in reported losses, according to the report.