With all the ransomware attacks in recent times, one would naturally wonder how many victims have fallen prey and given in to hackers’ demands for payment to retrieve their files. WannaCry and Petya are only the most recent cases, but ransomware attacks have existed for a long time. In fact, a recent study has found that ransomware victims have paid over $25 million (roughly Rs. 160 crores) in ransom in just the past two years.
The findings were presented by researchers at Google, Chainalysis, UC San Diego, and the NYU Tandon School of Engineering, The Verge reports. The amount was deduced by tracking payments through the blockchain and comparing them against known ransomware samples, which allowed the researchers to gain a comprehensive understanding of the ransomware ecosystem.
The idea behind a ransomware attack is simple enough. An attacker infects a computer and encrypts the victim's files and private keys. The only way for the victim to retrieve their personal data is to pay a ransom, usually in Bitcoin. Ransomware attacks have usually found victims willing to pay the required ransom to get their data back. The study, in particular, tracked 34 separate ransomware strains. The data showed that one strain, called Locky, has seen a huge uptick in payments since 2016.
“Locky’s big advantage was the decoupling of the people who maintain the ransomware from the people who are infecting machines,” says NYU professor Damon McCoy. “Locky just focused on building the malware and support infrastructure. Then they had other botnets spread and distribute the malware, which were much better at that end of the business.”
Cerber and CryptXXX are other ransomware strains that followed a similar pattern, drawing $6.9 million and $1.9 million, respectively. These figures reflect the total amount paid by the victims, but they do not clarify how much of it reached the original ransomware authors.
The report also notes that ransomware authors are getting smarter at evading antivirus software by changing their binaries rather than reusing code that has already been detected. In this way the attacker can bypass antivirus detection, a behaviour the researchers have observed in recent ransomware programs.