Researchers at Carbon Black examined the ransomware market and discovered some interesting facts about the booming criminal economy. Mirroring some of the legal technology markets, such as those for software development, the market for Ransomware is dominated by unique custom solutions and turnkey offerings.
For two months researchers at Carbon Black studied how ransomware and developed and sold to criminals on the darknet. As one would expect, there are thousands of products (45,000) on offer from hundreds of sellers.
If you consider the prices of the ransomware products being pitched, the overall ransomware economy has grown more than 2,500-percent, from about $250,000 to $6.24 million from 2016 to 2017.
However, while those figures come from the base price for ransomware offerings themselves. It's hard to account for customization and tailored services, and it doesn't take into consideration that some ransomware products simply don't sell.
So, what happens after the ransom is paid? Does the person running the ransomware campaign just collect funds and move on? It's easy to assume that's the case, but the reality is completely different.
While some sellers are making more than $100,000 a year off ransomware, others are barely breaking even. Usually those not making a tidy profit are bottom feeders who have way too much overhead, or those who haphazardly throw together a list of potental targets in the hopes of getting payments made.
Developers of ransomware are making a killing too, because they can create customized solutions – where the real money is – and functional kits that require little to no experience, training, or infrastructure (turnkey solutions).
Ransomware a thriving market
Ransomware offerings range from basic $10 offerings to targeted offerings on Android ($250) and even customized offerings for $1400. The more customization that's required, the higher the price. The most expensive ransomware offering observed by Carbon Black was $3,000, but the entire kit was completely customized and used for targeted campaigns.
When it comes to customization, ransomware authors offer a number of options including encryption level, file targeting or copying, the ability to delete files if the system is rebooted, malware persistence, or even a forced timer that will delete files every 24 hours if the ransom demand isn't met.
A wide selection of options is just one of the reasons the economy tied to ransomware has flourished. Another reason is availability. With very little investment and overhead, anyone has the opportunity to run a decently sized campaign.
"Not only have the dark web marketplaces evolved to better support high-risk, low-trust transactions through escrow systems, but the requirement for ransoms to be paid over the Tor network has ensured there’s no centralized endpoint to investigate with traditional geo-based law enforcement approaches," Carbon Black's researchers explained.
Sign up for CIO Asia eNewsletters.