Over just the past two years, ransomware victims have paid $25 million to get their private data back.
By following the victims' Bitcoin transactions through the blockchain and comparing them with known ransomware samples, researchers at Google, Chainalysis, UC San Diego and the NYU Tandon School of Engineering succeeded in building a clear picture of the ransomware ecosystem and discovered just how much money it takes from its victims.
In this study, the researchers tracked 34 ransomware families and found that just a few strains of ransomware were behind the majority of attacks and profits.
One strain they identified, known as Locky, was the cause of a recent epidemic that has extracted $7 million from its victims for its operators since 2016.
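The tracing approach the study relies on, as an added illustration (not the researchers' code or data): starting from ransom addresses seen in malware samples, the standard multi-input clustering heuristic groups addresses that are spent together, and payments flowing into each family's cluster from outside it are summed. All transactions and addresses below are constructed.

```python
from collections import defaultdict

# Constructed sample ledger (not real blockchain data): each tx spends a set of
# input addresses and pays amounts (in BTC) to output addresses.
TXS = [
    {"in": ["victim1"], "out": [("L1", 0.5)]},          # ransom payment to Locky
    {"in": ["victim2"], "out": [("L2", 0.5)]},          # payment to an address not in any sample
    {"in": ["L1", "L2"], "out": [("L_cashout", 1.0)]},  # co-spend links L2 to L1
    {"in": ["victim3"], "out": [("C1", 1.2)]},          # ransom payment to Cerber
    {"in": ["L_cashout"], "out": [("exchange", 0.9)]},  # operators move their funds
    {"in": ["victim4"], "out": [("unrelated", 2.0)]},   # noise, not ransomware related
]

# Ransom addresses recovered from known samples (constructed), keyed by family.
SEEDS = {"Locky": {"L1"}, "Cerber": {"C1"}}


class UnionFind:
    def __init__(self):
        self.parent = {}

    def find(self, a):
        self.parent.setdefault(a, a)
        while self.parent[a] != a:
            self.parent[a] = self.parent[self.parent[a]]  # path halving
            a = self.parent[a]
        return a

    def union(self, a, b):
        self.parent[self.find(a)] = self.find(b)


def cluster_addresses(txs):
    """Multi-input heuristic: addresses spent together in one tx share an owner."""
    uf = UnionFind()
    for tx in txs:
        for addr in tx["in"][1:]:
            uf.union(tx["in"][0], addr)
    return uf


def cluster_of(txs, seed):
    """All addresses the heuristic links to a seed address."""
    uf = cluster_addresses(txs)
    root = uf.find(seed)
    return {a for a in uf.parent if uf.find(a) == root}


def ransom_income(txs, seeds):
    """Sum payments into each family's cluster that originate outside it."""
    uf = cluster_addresses(txs)
    totals = {}
    for family, addrs in seeds.items():
        roots = {uf.find(a) for a in addrs}
        total = 0.0
        for tx in txs:
            if any(uf.find(a) in roots for a in tx["in"]):
                continue  # internal move by the operators, not victim money
            total += sum(amt for addr, amt in tx["out"] if uf.find(addr) in roots)
        totals[family] = round(total, 8)
    return totals
```

On the constructed ledger, the co-spend in the third transaction pulls the unsampled address L2 into the Locky cluster, so its victim payment is counted while the operators' later cash-out is not.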
Damon McCoy, an NYU professor who was part of the project, said that Locky's advantage was that it separated the people who maintained the ransomware from the people who infected machines. Its developers focused solely on building the malware and its support infrastructure, while botnets the hackers already ran handled spreading and distributing it, a job those botnets did much better.
Other strains, Cerber and CryptXXX, also spread successfully, bringing in an additional $6.9 million and $1.9 million respectively, although it is still unknown whether all of that money, or only part of it, reached the cyber criminals.
The study also found that hackers are becoming increasingly clever with their ransomware attacks and are getting better at evading antivirus software.
The trick they developed is that their more sophisticated malware can automatically change its own binary, so it slips past protection software that scans for known matching binaries and therefore cannot recognise the disguised variant.
Just this past month, two new types of ransomware appeared. One, known as LeakerLocker, targeted Android users and threatened to leak the victim's private data if they refused to pay the ransom; it spread through apps on the Google Play Store.
The other, known as GhostCtrl, can disguise itself as the popular messaging app WhatsApp and record the victim's private calls and videos, on top of the usual data theft such malware performs, which makes it especially harmful.