Ransomware Extorts $25 Million in Payments over 2 Years

Ransomware Extorts $25 Million in Payments over 2 Years

A team of researchers from New York University (NYU), University of California, San Diego (UCSD) and Google estimates that victims of ransomware have paid out more than $25 million over the last two years.

The team, which also included researchers from Chainalysis, a blockchain analysis firm, examined 300,000 files from more than 30 different kinds of ransomware and tracked blockchain payments to estimate the amount and scale of money paid by victims. Their findings were presented at the Black Hat USA 2017 conference.

Danny Yuxing Huang, a Ph.D. candidate in Computer Science and Engineering UCSD and one of the researchers on the project, tracked bitcoins as they moved from potential victims to ransomware operators and from ransomware operators to coin exchanges, perhaps for liquidation.

"By masquerading as a part of the ransomware infrastructure," said Huang in a prepared statement, "I also gathered statistics on infected computers, such as the number of infections over time, and the geographical distribution of infected machines."

Last year was the first year ransomware was a multi-million-dollar industry, according to the researchers, and it wasn't necessarily the most well known ransomware that accounted for that growth.

The WannaCry attack, for example, generated seemingly endless headlines as it froze hospitals and more than 10,000 other organizations out of their own records, but it only pulled in about $140,000, good for the 11th spot on the list of ransomware with the largest payouts.

The researchers also noted that WannaCry wasn't true ransomware, but wipeware, as victims were not able to retrieve their data even after paying the ransom.

Locky and Cerber grabbed fewer headlines than WannaCry, but they're raking in money at $7.8 million and $6.9 million, respectively, in paid ransoms to date.

Locky is also notable for being the first ransomware to generate more than $1 million in monthly payments.

"Locky's big advantage was the decoupling of the people who maintain the ransomware from the people who are infecting machines," said Damon McCoy, assistant professor of computer science at NYU, in a prepared statement. "Locky just focused on building the malware and support infrastructure. Then they had other botnets spread and distribute the malware, which were much better at that end of the business."

About the Author

Joshua Bolkan is contributing editor for Campus Technology, THE Journal and STEAM Universe. He can be reached at [email protected].

Featured

  • robot typing on a computer

    Microsoft Announces 'Computer Use' Automation in Copilot Studio

    Microsoft has introduced a new AI-powered feature called "computer use" for its Copilot Studio platform that allows agents to directly interact with Web sites and desktop applications using simulated mouse clicks, menu selections and text inputs.

  • laptop displaying a red padlock icon sits on a wooden desk with a digital network interface background

    Reports Highlight Domain Controllers as Prime Ransomware Targets

    A recent report from Microsoft reinforces warnings about the critical role Active Directory (AD) domain controllers play in large-scale ransomware attacks, aligning with U.S. government advisories on the persistent threat of AD compromise.

  • blue AI cloud connected to circuit lines, a server stack, and a shield with a padlock icon

    AI Security Controls Lag Behind Adoption of AI Cloud Services

    Nearly nine out of 10 organizations are already using AI services in the cloud — but fewer than one in seven have implemented AI-specific security controls, according to a recent report from cybersecurity firm Wiz.

  • AI-powered individual working calmly on one side and a burnt-out person slumped over a laptop on the other

    Researchers: AI's Productivity Gains Come at a Cost

    A recent academic study found that as organizations adopt AI tools, they're not just streamlining workflows — they're piling on new demands. Researchers suggested that "AI technostress" is driving burnout and disrupting personal lives, even as organizations hail productivity gains.