Ransomware Scams Have Raked in $25 Million
Ransomware is now a multimillion-dollar black market; the most prevalent ransomware strains have netted a total of $25 million, according to a study from Google, bitcoin security firm Chainalysis, the University of California at San Diego and New York University.
The ransomware ecosystem is currently "dominated by a few kingpins," like Locky and Cerber. Locky, the first ransomware to make more than $1 million per month, has raked in $7.8 million. Cerber, which ushered in the rise of ransomware as a service, is right up there as well; the strain accumulated around $200,000 per month for more than a year and $6.9 million to date.
CryptoLocker, CryptXXX, SamSam, CryptoWall, AlNamrood, TorrentLocker, Spora, CoinVault and WannaCry are also raking in the cash.
Exacerbating the problem is the fact that just 37 percent of users back up their data, the study notes.
Just last month, a global ransomware outbreak known as Petya had government agencies and private businesses around the globe scrambling to get their systems back online and recover their data. That outbreak came after hundreds of thousands of PCs were attacked by WannaCry.
Malwarebytes late last year analyzed nearly half a million ransomware incidents to identify the 10 U.S. cities most victimized by the threatening software. Las Vegas topped the list with the most ransomware detections overall, the most detections per individual machine and most detections per population.
"Cybercriminal gangs have already saturated both the rural and urban U.S. populace with ransomware, yet they are constantly improving their tactics, execution and business model to evade detection by current solutions," Malwarebytes' Head of Malware Intelligence Adam Kujawa said in a statement at the time. "With millions of dollars being handed over to cybercriminals, ransomware will only increase in prevalence."
Most cyber-security experts warn ransomware victims not to pay up. Petya, for example, was thought to be wiper malware disguised ransomware; the email address associated with the scammers was inactive. For more, check out How to Protect and Recover Your Business from Ransomware.