Ransomware Extorts $25 Million in Payments over 2 Years

Ransomware Extorts $25 Million in Payments over 2 Years

A team of researchers from New York University (NYU), University of California, San Diego (UCSD) and Google estimates that victims of ransomware have paid out more than $25 million over the last two years.

The team, which also included researchers from Chainalysis, a blockchain analysis firm, examined 300,000 files from more than 30 different kinds of ransomware and tracked blockchain payments to estimate the amount and scale of money paid by victims. Their findings were presented at the Black Hat USA 2017 conference.

Danny Yuxing Huang, a Ph.D. candidate in Computer Science and Engineering UCSD and one of the researchers on the project, tracked bitcoins as they moved from potential victims to ransomware operators and from ransomware operators to coin exchanges, perhaps for liquidation.

"By masquerading as a part of the ransomware infrastructure," said Huang in a prepared statement, "I also gathered statistics on infected computers, such as the number of infections over time, and the geographical distribution of infected machines."

Last year was the first year ransomware was a multi-million-dollar industry, according to the researchers, and it wasn't necessarily the most well known ransomware that accounted for that growth.

The WannaCry attack, for example, generated seemingly endless headlines as it froze hospitals and more than 10,000 other organizations out of their own records, but it only pulled in about $140,000, good for the 11th spot on the list of ransomware with the largest payouts.

The researchers also noted that WannaCry wasn't true ransomware, but wipeware, as victims were not able to retrieve their data even after paying the ransom.

Locky and Cerber grabbed fewer headlines than WannaCry, but they're raking in money at $7.8 million and $6.9 million, respectively, in paid ransoms to date.

Locky is also notable for being the first ransomware to generate more than $1 million in monthly payments.

"Locky's big advantage was the decoupling of the people who maintain the ransomware from the people who are infecting machines," said Damon McCoy, assistant professor of computer science at NYU, in a prepared statement. "Locky just focused on building the malware and support infrastructure. Then they had other botnets spread and distribute the malware, which were much better at that end of the business."

About the Author

Joshua Bolkan is contributing editor for Campus Technology, THE Journal and STEAM Universe. He can be reached at [email protected].

Featured

  • The AI Show

    Register for Free to Attend the World's Greatest Show for All Things AI in EDU

    The AI Show @ ASU+GSV, held April 5–7, 2025, at the San Diego Convention Center, is a free event designed to help educators, students, and parents navigate AI's role in education. Featuring hands-on workshops, AI-powered networking, live demos from 125+ EdTech exhibitors, and keynote speakers like Colin Kaepernick and Stevie Van Zandt, the event offers practical insights into AI-driven teaching, learning, and career opportunities. Attendees will gain actionable strategies to integrate AI into classrooms while exploring innovations that promote equity, accessibility, and student success.

  •  floating digital interface with glowing icons, surrounded by faint geometric shapes

    Digital Education Council Defines 5 Dimensions of AI Literacy

    A recent report from the Digital Education Council, a global community devoted to "revolutionizing the world of education and work through technology and collaboration," provides an AI literacy framework to help higher education institutions equip their constituents with foundational AI competencies.

  • computer screen displaying a landline phone being unplugged from a single cord, with a modern office desk, keyboard, and subtle lighting in the background

    Microsoft to Discontinue Skype Services

    Microsoft has announced that it is shutting down service for its Skype telecommunications and video calling services on May 5, 2025.

  • glowing brain, connected circuits, and abstract representations of a book and graduation cap on a light gray gradient background

    Snowflake Launches Program to Upskill 100,000 People in Data and AI

    Cloud data platform Snowflake is embarking on an effort to train and certify more than 100,000 users on its AI Data Cloud by 2027. The One Million Minds + One Platform program will provide Snowflake-delivered courses, training materials, and free access to Snowflake software, at no cost to learners.