It is estimated that last year's total global ransomware payments increased by more than 300% from 2019, reaching $350 million. To help stop the growing trend of ransomware attacks, a new site wants to shed much-needed light on where victims' payments go.

Cleverly called Ransomwhere, the site was created by security researcher Jack Cable. Cable worked with the Cybersecurity and Infrastructure Security Agency (CISA) as a security advisor for the 2020 elections. He also spent years as a red-team hacker, acting as an adversary and hunting bug bounties to help organizations discover and mitigate weaknesses in their cyber defenses.

In an interview with TechCrunch, Cable said he was prompted to create Ransomwhere after reading a tweet from Katie Nickels, director of intel at Red Canary. In response to a question about whether the information security community could estimate the total losses associated with the infamous TrickBot malware, Nickels said no one knew the real impact. As a result, she added, it is difficult to know whether a particular victim's behavior, such as paying a ransom or refusing to pay, makes a difference.

Cable chimed in, adding that it would be great to have raw data or a dashboard that tracks payments by strain. No such thing existed, so he set out to create it … and Ransomwhere was born.

To date, Ransomwhere has tracked ransom payments in excess of $56 million. So far, Netwalker dominates the leaderboard with over 520 payments. These include payments of hundreds of Bitcoins, the two largest of which convert to $7.4 million and $8.6 million at today's exchange rates.

The largest single payment: 413 Bitcoins, or just shy of $14 million, sent to RagnarLocker ransomware operators in July 2020.

The data that powers Ransomwhere is crowdsourced, and all reports should include screenshots of the ransom demand for verification. Currently, Cable is personally verifying the submissions.

All information entered into the Ransomwhere database is freely available for download and analysis by other security professionals. No data about the victim will be shared.

Not all ransomware gangs demand Bitcoin, so Ransomwhere cannot paint a complete picture on its own. Other cryptocurrencies like Monero can be nearly impossible to track, so the full impact of a ransomware attack may not be visible.

Nonetheless, insights such as those provided by Ransomwhere help with the seemingly impossible goal of curbing ransomware gangs, a top priority for the Biden administration.

