The black market economy behind ransomware is flourishing

The dark web marketplace for ransomware is growing at a rate of more than 2,500 percent per year, a new report has found. 

As ransomware attacks such as GoldenEye and WannaCry have made headlines this year, the report states that ransomware attacks have cost worldwide businesses an estimated $1 billion this year. 

The research found that dark web economies are empowering even the most novice criminals to launch ransomware attacks via do-it-yourself kits. 

The dark web marketplace for ransomware is growing at a rate of more than 2,500 per cent per year, a new report has found. The research found that dark web economies are empowering even the most novice criminals to launch ransomware attacks via do-it-yourself kits

During August and September, Carbon Black researchers monitored 21 of the largest dark web marketplaces for new, virtual offerings related to ransomware. 

Based on the research, the products available on the market are diverse, ranging from lockscreen ransomware targeting Android devices (for just $1.00), to custom ransomware including source code (for $1,000+). 

For software developers, the appeal of selling ransomware may be financial.

Some ransomware sellers are making more than $100,000 per year simply retailing ransomware. 

By contrast, this is double the salary for legitimate software developers, who earn an average of $69,000 per year. 

The growth of the ransomware marketplace has in part been aided by the anonymization of commerce, for example through Bitcoin and the anonymous Tor browser.

KEY FINDINGS: RANSOMWARE  

The dark web marketplace for ransomware is growing at a rate of more than 2,500 per cent per year, a new report by security company Carbon Black, Inc. has found. 

Some of the key findings of the research include: 

  • There are 6,300+ estimated dark web marketplaces selling ransomware, with 45,000 product listings. 
  • The prices for DIY kits range from $0.50 to $3K. The median price is $10.50
  • Comparing 2016 vs. 2017 YD, the ransomware marketplace on the dark web has grown from $249,287 to $6,237,248 – a growth rate of 2,502 per cent. 
  • This economy extorts, according to the FBI, random payments that totaled about $1B in 2016, up from $24M in 2015. 
  • Some sellers of ransomware make more than $100,000 per year retailing ransomware. This is double the salary for legitimate software developers, who earn an average of $69,000 per year. 
  • The most notable innovation contributing to the proliferation and success of the dark web ransomware economy have been the emergence of Bitcoin for ransom payment, and the anonymous Tor browser, to hide transactions.
'They system only works if victims choose to pay,' the report by Carbon Black states. 'Until people decide not to pay, this problem will only continue to grow. 'Additionally, as it stands right now, law enforcement cannot scale to the problem'

‘They system only works if victims choose to pay,’ the report by Carbon Black states. ‘Until people decide not to pay, this problem will only continue to grow. ‘Additionally, as it stands right now, law enforcement cannot scale to the problem’

 Source: Carbon black – The ransomware economy

For example, when ransoms are paid via the Tor browser, which enables anonymous communication, it makes it difficult for these transactions to be investigates with traditional geo-based law enforcement approaches. 

In addition, consumers’ willingness to pay ransom has an impact on the ransomware market. 

In a recent Carbon Black survey, participants were asked if they would personally be willing to pay if their personal computer and files were encrypted by ransomware, and 52 per cent said yes. 

For software developers, the appeal of selling ransomware may be financial. Some ransomware sellers are make more than $100,000 per year retailing ransomware. This is double the salary for legitimate software developers, who earn an average of $69,000 per year

For software developers, the appeal of selling ransomware may be financial. Some ransomware sellers are make more than $100,000 per year retailing ransomware. This is double the salary for legitimate software developers, who earn an average of $69,000 per year

59 per cent of these respondents said they’d be willing to pay less than $100 to get their data back, while 29 per cent would pay $100-$500 to get their data back, and just 12 per cent would pay $500 or more to get their data back. 

‘They system only works if victims choose to pay,’ the report states. 

‘Until people decide not to pay, this problem will only continue to grow. 

‘Additionally, as it stands right now, law enforcement cannot scale to the problem. 

‘Companies are largely on their when it comes to stopping ransomware attacks.’ 

In a recent Carbon Black survey, participants were asked if they would personally be willing to pay if their personal computer and files were encrypted by ransomware, and 52 per cent said yes. 59 per cent said they'd be willing to pay less than $100 to get their data back

In a recent Carbon Black survey, participants were asked if they would personally be willing to pay if their personal computer and files were encrypted by ransomware, and 52 per cent said yes. 59 per cent said they’d be willing to pay less than $100 to get their data back

 

 

 

Read more at DailyMail.co.uk