Google says ransomware is here to stay as criminals make $1m a month


Victims of ransomware attacks paid out more than $25m (£19m) to cyber criminals over the last two years, according to a Google study.

The majority of the money was gained through two types of ransomware, but more variants are emerging, with the attractiveness of this type of crime growing dramatically in recent times.

Ransomware is a form of malicious software that infects a system and encrypts local files, which are then accessible only to the attackers, who demand payment for the files’ release. Often, these ransom payments are made using the virtual currency Bitcoin.

To uncover the payment ecosystem behind ransomware attacks, the technology giant used reports from victims and created thousands of virtual ransomware victims, on which it ran ransomware files.

Monitoring the network traffic that was generated by these synthetic victims, the team looked at where the money would be transferred. At this point, the 300,000 files they discovered were broken down into 34 variants of ransomware, with the most popular strains being Locky and Cerber.

Last year, the Locky family collected £5.9m, while the Cerber family collected £5.2m.

The researchers also found growing professionalism in the cyber criminals’ operations, with operators treating victims like ‘customers’ and providing support staff to help handle ‘sales’, rather than working as typical criminals.

Google’s Elie Bursztein, who conducted the research with Luca Invernizzi and Kylie McRoberts, said: “It’s become a well-oiled machine. It operates like a real company. That shows how mainstream it’s become and how much it’s here to stay.”

“Ransomware as a service has become a dominant model. All you have to do is infect people, and then you get a cut.”