The Port of San Diego is the latest reported target of a ransomware attack demanding bitcoin payment. Core operations of the port continue to function; only park permit, public record, and business services have been suspended. Port officials have not disclosed the amount of bitcoin demanded by the attackers, and no information about the attackers’ identities has been released.
Ransomware attacks encrypt victims’ files or computers, demanding payment in exchange for releasing decryption keys and making the files accessible again.
This latest attack follows other high-profile incidents in recent months, such as an attack on Atlanta’s municipal records database. Individuals have also become frequent targets of ransomware operations. Some reports have called the rash of ransomware attacks in the past few years an “epidemic”, although the incidence of such attacks may now be on the wane. In addition, victims who actually pay the ransoms may be in the minority.
Bitcoin has become a popular medium for ransom demands, both for cyberattacks and even for personal ransoms. Although statistics regarding Bitcoin’s use in cybercrime are hard to come by, the FBI website’s section on ransomware claims that ransoms are demanded “usually with bitcoins because of the anonymity this virtual currency provides”.
Despite Bitcoin’s use in such crimes, it is now widely recognized as being pseudo-anonymous, rather than truly anonymous. As CryptoGlobe reported earlier this month, the use of Bitcoin for ransom payments may soon decline in favor of more privacy-focused cryptocurrencies.
Research by professors at the University of Padua, Italy, found that between $2.2 million and $4.5 million may have been paid in ransom to cybercriminals conducting ransomware operations between 2009, when Bitcoin was originally released, and 2015.
During this time, the CryptoWall virus was responsible for the most damage out of all the malware researched in the paper, by a large margin. CryptoWall is a so-called “Trojan horse” that “typically arrives on the affected computer through spam emails, exploit kits hosted through malicious ads or compromised sites, or other malware”.