With recent ransomware attacks affecting hundreds of thousands of computer users around the globe—WannaCry alone impacted around 300,000, from the UK's National Health Service to the Russian postal service to Chinese government agencies, as reported by ZDNet—it's no wonder that IT departments are putting significant resources towards beefing up security systems.
And new research, first reported on by The Verge, from Google, Chainalysis, UC San Diego, and the NYU Tandon School of Engineering has put an exact dollar amount on the funds extorted through ransomware attacks over the last two years: $25 million.
The research, which will be presented on Wednesday at Black Hat in Las Vegas, explored 34 different varieties of malware and carefully tracked blockchain payments—via public sales—to uncover the scale and scope of bounty money that was paid to hackers. Ninety-five percent of the ransomware payments were paid through a bitcoin exchange program.
Certain ransomware attacks proved more lucrative than others, with "Locky" drawing in $7 million alone.
Ransomware, a subset of malware, is one of the fastest-growing methods of cyberattack. It works by infecting a victim's computer, encrypting files—which can happen in under a minute—and then demanding a payment, or "ransom," in the form of cryptocurrency like bitcoin. Ransomware attacks cost victims over $1 billion in the last year, and as ZDNet has reported, it employs "fear tactics to give in and pay the cybercriminals."
Ransomware as a Service—in which criminal groups assist other hackers, charging for their services—is another growing trend, according to a recent Verizon report on data breach investigations. And ransomware programs are frequently shared between different actors.
While ransomware attacks can be costly, they still make up a small subset of cyberattacks—as TechRepublic has reported, they accounted for less than a percent of 600 million unique malicious Windows programs.
Want some advice for how to avoid ransomware? Check out TechRepublic's Alison DeNisco's reporting on 6 tips to avoid ransomware after Petya and WannaCry.
The 3 big takeaways for TechRepublic readers
- New research from Google, Chainalysis, UC San Diego, and the NYU Tandon School of Engineering shows that victims of ransomware shelled out $25 million over the last two years.
- Certain ransomware attacks proved more lucrative than others, with "Locky" drawing in $7 million alone.
- While ransomware attacks can be costly, they still make up a small subset of cyberattacks—as TechRepublic has reported, they accounted for less than a percent of 600 million unique malicious Windows programs.
Hope Reese has nothing to disclose. She doesn't hold investments in the technology companies she covers.
Hope Reese is a journalist in Louisville, KY. Her writing has been featured in The Atlantic, The Boston Globe, The Chicago Tribune, Playboy, Undark Magazine, VICE, Vox, and other publications.