Monday, July 12, 2021

New Website Aims To Shine A Light On Where Ransomware Payments Go

Lee Mathews
Senior Contributor
Cybersecurity
Observing, pondering, and writing about tech. Generally in that order.




Cleverly called Ransomwhere, the site is the creation of security researcher Jack Cable. Cable worked with the Cybersecurity and Infrastructure Security Agency (CISA) as security advisor for the 2020 elections. He’s also spent years hunting bug bounties and working as a red team hacker — acting as an adversary to help organizations discover and mitigate weaknesses in their cyber defenses.

In an interview with TechCrunch, Cable states that he was inspired to create Ransomwhere after reading a tweet from Red Canary Director of Intel Katie Nickels. Responding to a question about whether the infosec community could estimate total losses tied to the notorious TrickBot malware, Nickels noted that “No one knows the real impact.” She added that it’s therefore difficult to know whether specific victim actions — like paying or refusing to pay ransoms — make a difference.

Cable chimed in, adding that it “would be awesome to have raw data or a dashboard tracking payments by strain.” Since no such thing existed, he set about creating one... and Ransomwhere was born.

To date, Ransomwhere has tracked over $56 million in ransomware payments. So far, Netwalker dominates the leaderboard with more than 520 payments made. That includes several payments of hundreds of Bitcoin — the two biggest converting to $7.4 and $8.6 million at today’s exchange rate.

The largest single payment: 413 Bitcoin — or just shy of $14 million — sent to the operators of the RagnarLocker ransomware in July of 2020.

The data that powers Ransomwhere is crowdsourced, and all reports must include a screenshot of the ransom demand for verification purposes. Currently, Cable is verifying submissions personally.

All of the information that is entered into the Ransomwhere database is made freely available for other security professionals to download and analyze. No data about the victims is ever shared.

Not all ransomware gangs demand Bitcoin, so Ransomwhere won’t be able to paint a complete picture on its own. Bitcoin payments can be tallied because every transaction is recorded on a public ledger; privacy-focused cryptocurrencies like Monero hide amounts and counterparties and can be nearly impossible to track, so we may never know the full impact of ransomware attacks.
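The mechanics behind a site like this are simple once you have a verified ransom address: because Bitcoin’s ledger is public, anyone can sum the outputs paid to that address and roll the totals up by strain into the kind of leaderboard described above. The following is an added example, not code from Ransomwhere or from Jack Cable. It assumes a tiny constructed ledger and a constructed set of reported addresses (the addresses, transaction IDs, amounts and the exchange rate are all invented), and it models the intake rule the article mentions (a report must carry a screenshot of the ransom note) plus two checks a maintainer would add on top: dropping duplicate addresses and refusing chains that cannot be read publicly. Any other intake rules are assumptions here, not something the article attributes to the site.

```python
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample data (NOT real Ransomwhere records): reported ransom
# addresses already in the database, labelled by strain.
EXISTING_REPORTS: Dict[str, str] = {
    "bc1q-netwalker-a": "Netwalker",
    "bc1q-ragnar-a": "RagnarLocker",
}

# Constructed crowdsourced submissions awaiting verification.
SUBMISSIONS: List[dict] = [
    {"address": "bc1q-netwalker-b", "family": "Netwalker", "blockchain": "bitcoin", "screenshot": "note1.png"},
    {"address": "bc1q-netwalker-a", "family": "Netwalker", "blockchain": "bitcoin", "screenshot": "note2.png"},  # duplicate
    {"address": "bc1q-fake", "family": "Netwalker", "blockchain": "bitcoin", "screenshot": ""},  # no proof
    {"address": "4-monero-addr", "family": "Unknown", "blockchain": "monero", "screenshot": "note3.png"},  # untraceable here
]

# Constructed ledger excerpt: each transaction lists its outputs as
# (address, amount in BTC). Only outputs matter for "amount received".
LEDGER: List[dict] = [
    {"txid": "tx1", "outputs": [("bc1q-netwalker-a", 220.0), ("change-1", 3.0)]},
    {"txid": "tx2", "outputs": [("bc1q-netwalker-b", 255.0)]},
    {"txid": "tx3", "outputs": [("bc1q-ragnar-a", 413.0)]},
    {"txid": "tx4", "outputs": [("unrelated-addr", 50.0)]},
    {"txid": "tx5", "outputs": [("bc1q-netwalker-a", 1.5)]},
]

BTC_USD = 33_900  # assumed exchange rate for the example


def intake(submissions: List[dict], existing: Dict[str, str]) -> Tuple[Dict[str, str], List[Tuple[str, str]]]:
    """Apply intake checks and return (accepted address->family, rejected (address, reason)).

    The screenshot requirement is the one the article describes; the duplicate
    and chain checks are assumptions a maintainer would reasonably add.
    """
    accepted = dict(existing)
    rejected: List[Tuple[str, str]] = []
    for s in submissions:
        if not s.get("screenshot"):
            rejected.append((s["address"], "no ransom-note screenshot"))
        elif s.get("blockchain") != "bitcoin":
            rejected.append((s["address"], "chain is not publicly traceable here"))
        elif s["address"] in accepted:
            rejected.append((s["address"], "duplicate address"))
        else:
            accepted[s["address"]] = s["family"]
    return accepted, rejected


def payments_to_reported(ledger: List[dict], reported: Dict[str, str]) -> List[Tuple[str, str, str, float]]:
    """Walk the public ledger and collect every output paid to a reported address.

    Returns (family, address, txid, btc) per payment. A change output back to
    a non-reported address is ignored, as is any transaction that never touches
    a reported address.
    """
    payments = []
    for tx in ledger:
        for addr, amount in tx["outputs"]:
            if addr in reported:
                payments.append((reported[addr], addr, tx["txid"], amount))
    return payments


def leaderboard(payments: List[Tuple[str, str, str, float]], btc_usd: float) -> List[dict]:
    """Aggregate per strain: payment count, total BTC/USD and largest single payment.

    Sorted by payment count, matching the "most payments made" ranking the
    article describes. Nothing about the victims is carried into the output.
    """
    totals = defaultdict(lambda: {"count": 0, "btc": 0.0, "largest_btc": 0.0})
    for family, _addr, _txid, amount in payments:
        t = totals[family]
        t["count"] += 1
        t["btc"] += amount
        t["largest_btc"] = max(t["largest_btc"], amount)
    rows = [
        {"family": f, "count": t["count"], "btc": t["btc"],
         "usd": t["btc"] * btc_usd, "largest_btc": t["largest_btc"]}
        for f, t in totals.items()
    ]
    rows.sort(key=lambda r: (r["count"], r["btc"]), reverse=True)
    return rows


def build_leaderboard() -> Tuple[List[dict], List[Tuple[str, str]]]:
    """End-to-end: verify submissions, scan the ledger, rank strains."""
    accepted, rejected = intake(SUBMISSIONS, EXISTING_REPORTS)
    rows = leaderboard(payments_to_reported(LEDGER, accepted), BTC_USD)
    return rows, rejected


if __name__ == "__main__":
    rows, rejected = build_leaderboard()
    for r in rows:
        print(f"{r['family']:<14} payments={r['count']:<3} btc={r['btc']:.1f} usd={r['usd']:,.0f} largest={r['largest_btc']:.1f} BTC")
    for addr, why in rejected:
        print(f"rejected {addr}: {why}")
```

The per-strain totals come purely from the ledger, which is why the approach works for Bitcoin and fails for Monero: with no readable outputs there is nothing to sum, so such reports are turned away at intake rather than silently counted as zero.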

Nevertheless, insights like those that Ransomwhere provides will help make the seemingly impossible goal of reining in ransomware gangs — a top priority of the Biden administration — that much more achievable.



Lee Mathews
Lee started writing about software, hardware, and geek culture around the time that the Red Wings last won the Stanley Cup. The two aren't related in any way, however. When he's not catching up on tech news or blogging about it, you can find him watching or playing baseball and doing his part to ensure the next generation of geeks is raised properly.
