CryptoWall typically asks victims to pay the ransom in Bitcoin cryptocurrency, but earlier variants offered more payment options, including pre-paid cards like MoneyPak, Paysafecard, cashU, and Ukash.
The ransom amount grows if a victim doesn't pay the ransom within the initial allotted time, which is usually between four and seven days. The CTU researchers observed payments that ranged between $200 and $10,000 in value, the majority of them (64 percent) being of $500.
"Of nearly 625,000 infections, 1,683 victims (0.27%) paid the ransom, for a total take of $1,101,900 over the course of six months," the CTU researchers said.
This suggests that while CryptoWall managed to infect 100,000 more computers than CryptoLocker, it was less effective at generating income for its creators. Researchers determined in the past that 1.3 percent of CryptoLocker victims paid the ransom for a total of over 3 million dollars.
The difference in success rate might be explained through the technical barriers involved in obtaining Bitcoins, the CTU researchers said. In the case of CryptoLocker, 1.1 percent of victims paid the ransom through MoneyPak and only 0.21 percent used Bitcoin.
The CTU analysis found similarities between CryptoWall samples and those of an older ransomware family called Tobfy. If the same attackers are behind both threats, it means that they have at least several years of experience in ransomware operations.
Sign up for CIO Asia eNewsletters.