Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Inside the thriving ransomware market

Steve Ragan | Oct. 23, 2017
Criminal marketplaces are teeming with ransomware offers and ad placements. Some criminals participating in this booming economy stand to pull down upwards of $100,000 annually

Locky Ransomware infects a Windows 10 computer

Researchers at Carbon Black examined the ransomware market and discovered some interesting facts about the booming criminal economy. Mirroring some of the legal technology markets, such as those for software development, the market for Ransomware is dominated by unique custom solutions and turnkey offerings.

For two months researchers at Carbon Black studied how ransomware and developed and sold to criminals on the darknet. As one would expect, there are thousands of products (45,000) on offer from hundreds of sellers.

If you consider the prices of the ransomware products being pitched, the overall ransomware economy has grown more than 2,500-percent, from about $250,000 to $6.24 million from 2016 to 2017.

However, while those figures come from the base price for ransomware offerings themselves. It's hard to account for customization and tailored services, and it doesn't take into consideration that some ransomware products simply don't sell.

So, what happens after the ransom is paid? Does the person running the ransomware campaign just collect funds and move on? It's easy to assume that's the case, but the reality is completely different.

While some sellers are making more than $100,000 a year off ransomware, others are barely breaking even. Usually those not making a tidy profit are bottom feeders who have way too much overhead, or those who haphazardly throw together a list of potental targets in the hopes of getting payments made.

Developers of ransomware are making a killing too, because they can create customized solutions – where the real money is – and functional kits that require little to no experience, training, or infrastructure (turnkey solutions).


Ransomware a thriving market

Ransomware offerings range from basic $10 offerings to targeted offerings on Android ($250) and even customized offerings for $1400. The more customization that's required, the higher the price. The most expensive ransomware offering observed by Carbon Black was $3,000, but the entire kit was completely customized and used for targeted campaigns.

When it comes to customization, ransomware authors offer a number of options including encryption level, file targeting or copying, the ability to delete files if the system is rebooted, malware persistence, or even a forced timer that will delete files every 24 hours if the ransom demand isn't met.

A wide selection of options is just one of the reasons the economy tied to ransomware has flourished. Another reason is availability. With very little investment and overhead, anyone has the opportunity to run a decently sized campaign.

"Not only have the dark web marketplaces evolved to better support high-risk, low-trust transactions through escrow systems, but the requirement for ransoms to be paid over the Tor network has ensured there’s no centralized endpoint to investigate with traditional geo-based law enforcement approaches," Carbon Black's researchers explained.


1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.