Ransomware has been in the news almost constantly lately, and according to Google, that’s because it has become a $25 million industry over the past two years, and that’s a conservative estimate. A few Googlers researched the subject and attended this year’s Black Hat USA conference to share their findings. Not only is ransomware extremely lucrative these days, but the Googlers found that this particularly destructive form of malware is likely not a mere fad and could be around for some time. Essentially, ransomware is getting easier to build and spread, while also becoming more lucrative and easier to cash out.
The three Google employees’ research indicated that two particular types of ransomware were responsible for almost half of the overall money made in the field during the period that they surveyed. Ransomware programs in the Locky family made around $5.9 million in the last year, while the Cerber family saw about $6.9 million. Those figures were drawn from a number of sources, including reports from people who had paid out, independent researchers, and records on the Bitcoin blockchain. Bitcoin is one of the most common means by which ransomware makers demand payment, and all transactions are recorded semi-anonymously in the blockchain, the ledger that tracks the transactions as they enter the system, transfer in bitcoin form, and are then cashed out.
The Googlers researching the subject found that a large majority of payments terminated at BTC-e, a Russian bitcoin exchange that recently saw one of its founders arrested. Though the co-founder of BTC-e, Alexander Vinnik, is awaiting extradition to the US, the exchange itself continues to operate, processing both illicit and legitimate transactions in the same way due to the relative anonymity offered by the Bitcoin standard. Meanwhile, new variants of ransomware are popping up and even managing to compete with more established forms. A ransomware attack of any sort can spread quickly and wreak outright havoc, as seen with WannaCry’s rampage around the world, which knocked out systems, and Petya’s harsh influence in parts of Europe during its run. As with any other type of malware, new ransomware variants will keep coming, using new exploits and new methods of spreading, and all security researchers can do is try to patch up possible exploits in programs, then react to whatever ransomware does get into.