'Destructive' malware attacks have surged 200% in past year, experts say

By Daniel Uria
Harmful malware cyberattacks have substantially increased since the latter half of 2018, analysts say in a new report. File Photo by Joffi/Pixabay
Harmful malware cyberattacks have substantially increased since the latter half of 2018, analysts say in a new report. File Photo by Joffi/Pixabay

Aug. 7 (UPI) -- As several U.S. cities grapple with recent ransomware cyberattacks, a new report says malware events featuring destructive elements that can wipe away or hijack data have doubled in the past year.

IBM's X-Force Incident Response and Intelligence Services team released the report Monday, which outlines a 200 percent increase in the number of destructive attacks it's responded to since the second half of 2018.


IRIS said it primarily observed nation-state actors employing destructive "wiper" malware, which can delete data from a target's computers to cause harm or "send a message" to geopolitical opponents. The team also noted an increase in cybercriminals employing such methods in their attacks on commercial entities.

"Cybercriminals may be adopting these destructive elements to add pressure to their demands that victims pay the ransom -- adding irreparable data destruction to encryption as a potential repercussion," the report states. "Alternatively, criminals may be using wiper malware to lash out at victims if they feel wronged, using destructive attacks more impulsively rather than strategically."

IRIS said these destructive attacks destroy an average of 12,000 machines per company, require 512 hours of recovery time and cost the companies $239 million each.


Experts say "wiper" elements have been incorporated into new strains of malware, such as MegaCortex, which has been linked to costly cyberattacks in the past. A new variant of MegaCortex was recently seen in a series of attacks in the United States and the European Union, according to a blog post by digital services company Accenture.

The attacks have included ransom notes that demanded between $20,000 and $5.8 million in bitcoin to free hijacked files.

Malware researcher Leo Fernandes quoted a ransom note in the blog post Monday: "We are working for profit. The core of this criminal business is to give back your valuable data in the original form (for ransom of course)."

The evolution of sophisticated cyberattacks has led to serious difficulties for businesses, and now municipalities in the United States. Several cities -- including Baltimore, Atlanta and several smaller towns in North Carolina and Florida -- have been dealing with severe fallout from intrusions for a number of weeks. Some -- including two Florida cities and a health center in Louisville, Ky. -- have elected to pay the ransom, believing it the easiest way to recover critical digital data.

Louisville's federally funded Park DuValle Community Health Center paid a $70,000 ransom for an attack in April, only to be hit again in June. CEO Ann Hagan-Grisby said decryption keys, necessary to recover hijacked data, were exchanged for payment. She added there is no evidence the hackers compromised patient information.


The Louisville Regional Airport Authority was also targeted by a ransomware attack in May. In that case, no ransom was paid and the authority was able to restore files by backing up its data before the attack -- a precaution experts recommend for all potential victims.

Georgia's state court system and some areas in Europe have also been targeted in recent weeks.

Latest Headlines