‘Vicious cycle’ of attacks as hackers get rich off ransomware
It’s one of the biggest moneymakers for cyber criminals, experts say
Ransomware surged last year, becoming a multimillion-dollar business that’s so profitable it’s creating a “vicious cycle” of ever-increasing attacks, say researchers at New York University and Google who tracked the criminals’ payment networks.
“It’s here to stay,” said Elie Bursztein, anti-abuse research lead at Google.
The findings suggest that — even though the last two large ransomware attacks, WannaCry and Petya, did not seem to raise that much money — the criminal cyber industry in general has much to gain by exploiting users with these attacks.
The research team was able to track ransomware payment addresses and information via public sales of the digital currency bitcoin, watching more than $25 million in payments over the past two years. They plan to present their research Wednesday in Las Vegas at Black Hat, one of the country’s largest computer security conferences.
Ransomware is malicious software criminals use to first infect a victim’s computer and then encrypt the files on it. To regain access to their files, victims must pay a ransom, typically in anonymous digital currency such as bitcoin. It is increasingly one of the biggest money-makers for cyber criminals, who have been diligently creating new forms of it to boost earnings. A recent variant, Cerber, is able to fully encrypt a newly-infected computer in less than a minute and has consistently made $200,000 per month over the last year, the researchers found.
“It’s a vicious cycle; the more money they make, the more aggressively they spread the malware,” Bursztein said.
One popular method is “ransomware as a service,” where criminal organizations rent out ransomware programs and the support system necessary to get paid to other criminals, charging a cut of the profits for the service, a 2017 Verizon report on data breach investigations said.
Other innovations include ransoms that increase the longer the victim takes to pay, ransom prices that vary based on the estimated sensitivity of file names and a new option that allows victims to decrypt their files for free if they help infect others.
Ransomware programs aren’t typically “owned” by any one group of criminals. In fact, researchers tracked 34 different families of ransomware being distributed by criminals.