Ransomware Extorts $25 Million in Payments over 2 Years

Ransomware Extorts $25 Million in Payments over 2 Years

A team of researchers from New York University (NYU), University of California, San Diego (UCSD) and Google estimates that victims of ransomware have paid out more than $25 million over the last two years.

The team, which also included researchers from Chainalysis, a blockchain analysis firm, examined 300,000 files from more than 30 different kinds of ransomware and tracked blockchain payments to estimate the amount and scale of money paid by victims. Their findings were presented at the Black Hat USA 2017 conference.

Danny Yuxing Huang, a Ph.D. candidate in Computer Science and Engineering UCSD and one of the researchers on the project, tracked bitcoins as they moved from potential victims to ransomware operators and from ransomware operators to coin exchanges, perhaps for liquidation.

"By masquerading as a part of the ransomware infrastructure," said Huang in a prepared statement, "I also gathered statistics on infected computers, such as the number of infections over time, and the geographical distribution of infected machines."

Last year was the first year ransomware was a multi-million-dollar industry, according to the researchers, and it wasn't necessarily the most well known ransomware that accounted for that growth.

The WannaCry attack, for example, generated seemingly endless headlines as it froze hospitals and more than 10,000 other organizations out of their own records, but it only pulled in about $140,000, good for the 11th spot on the list of ransomware with the largest payouts.

The researchers also noted that WannaCry wasn't true ransomware, but wipeware, as victims were not able to retrieve their data even after paying the ransom.

Locky and Cerber grabbed fewer headlines than WannaCry, but they're raking in money at $7.8 million and $6.9 million, respectively, in paid ransoms to date.

Locky is also notable for being the first ransomware to generate more than $1 million in monthly payments.

"Locky's big advantage was the decoupling of the people who maintain the ransomware from the people who are infecting machines," said Damon McCoy, assistant professor of computer science at NYU, in a prepared statement. "Locky just focused on building the malware and support infrastructure. Then they had other botnets spread and distribute the malware, which were much better at that end of the business."

About the Author

Joshua Bolkan is contributing editor for Campus Technology, THE Journal and STEAM Universe. He can be reached at [email protected].

Featured

  • SXSW EDU

    Explore the Future of AI in Higher Ed at SXSW EDU 2025

    This March 3-6 in Austin, TX, the SXSW EDU Conference & Festival celebrates its 15th year of exploring education's most critical issues and providing a forum for creativity, innovation, and expression.

  • man working on laptop outdoors

    Digital Leadership Must-Haves for 2025: A CDO's Picks

    Now that he's more than a year and a half into his chief digital officer role at NJIT, we've asked Ed Wozencroft to reflect on his areas of concentration: What work must digital leaders "own" in 2025?

  • From Fire TV to Signage Stick: University of Utah's Digital Signage Evolution

    Jake Sorensen, who oversees sponsorship and advertising and Student Media in Auxiliary Business Development at the University of Utah, has navigated the digital signage landscape for nearly 15 years. He was managing hundreds of devices on campus that were incompatible with digital signage requirements and needed a solution that was reliable and lowered labor costs. The Amazon Signage Stick, specifically engineered for digital signage applications, gave him the stability and design functionality the University of Utah needed, along with the assurance of long-term support.

  • digital artwork of glowing, interconnected neural-like shapes on a gradient background of deep blue and vibrant purple

    Google Announces Upgrade to Flagship Gemini AI Platform, Enhancing Multimodal Capabilities

    Google has launched Gemini 2.0, designed to empower enterprise users and developers with advanced multimodal capabilities and enhanced performance.