At this year’s Black Hat USA event, Google revealed findings of their recent research on ransomware, including the profits being made by cyber criminals by demanding ransoms for data made inaccessible, and the most popularly used types. This research has found that at least £19 million has been paid as part of ransoms demanded over the course of the past two years, with Locky, Cerber and CryptXXX identified as the three strains of ransomware responsible for the highest financial loss overall within this period.
During this event, a speaker from Google, Kylie McRoberts (senior strategist with Google’s Safe Browsing) commented “Ransomware is here to stay and we will have to deal with for a long time to come”.
The research conducted used multiple means to determine the amount of money being paid to the deployers and creators of ransomware, using reports made by victims, Google also created tests where they could investigate what was happening behind the scenes during different ongoing ransomware attacks around the globe, using virtual machines to discover where any monetary demands for the alleged recovery of a user’s data (held at ransom) would be paid to. These test cases for the purposes of this research were named “synthetic victims” — using an isolated, sealed environment in order to study where and what occurs after a machine is infected with major strains of ransomware.
One of the researchers involved from Google, Elie Bursztein (leader of Google’s anti-abuse research team), stated about ransomware that “It’s become a very, very profitable market”.
Though the research quantified the financial impact of major ransomware tools, the research also suggested that this is a form of malware that is becoming more widespread and accessible to use by attackers, and that still new kinds of this malicious software are emerging over time.
Black Hat USA 17, https://www.blackhat.com/us-17
Google Security, Privacy and Abuse Research, https://research.google.com/teams/spa/
Ransomware ‘here to stay’, warns Google study, Mark Ward (Technology correspondent, BBC News), BBC Technology News, http://www.bbc.co.uk/news/technology-40737060
Google Study Quantifies Ransomware Profits, Tom Spring, Threatpost, https://threatpost.com/google-study-quantifies-ransomware-revenue/127057/