This is a post series on cyber crime. For more posts click here or the cybercrime tag below.
The economics of ransomware. It’s an extortion racket without the usual limitations of such things: the entry costs are low, and so are the risks. That is the problem. Spending $2,500 to possibly get back $2 million is a huge return. Unless something changes, this is only going to get worse.
Cybercriminals create the demand by restricting access. Victims realize they need access and—if they cannot regain it themselves by restoring critical files from backup—they end up paying the ransom and fueling this economy. This applies to online consumers, small business owners, and CEOs—they have all paid to retrieve data.
It’s interesting to consider the ransomware economy in the following five segments:
Cybercriminals leasing ransomware can obtain it for as little as $39 or as much as $3,000, depending on which type is purchased. They must then distribute it. Distribution costs include the time spent creating and sending emails. According to Trustwave, an IT security team that spent time dissecting the ransomware economy, it would cost about $2,500 to spread 2,000 ransomware infections once you factor in the time to send emails and compromise sites.
Ransom demands in the United States have been known to be several hundred dollars higher than the same ransomware in Mexico or other countries with lower median incomes than the U.S. Ransomware authors have researched regions and incomes—and they understand that they can only charge what the market will bear. Ransomware authors also consider the bitcoin exchange rate when determining the ransom demand. This helps cybercriminals set a ransom that victims can afford to pay regardless of which country they’re from. In the U.S., the average ask is between $300 and $500, according to many industry sources.
3) Target market
The target market for ransomware consists of consumers and companies that retain important or business-critical information, and have the ability to pay the ransom. Unfortunately, these people also typically aren’t adhering to IT security best practices. Hospitals and other healthcare organizations are a popular target for cybercriminals because of the pressure to pay up quickly, rather than risk patient health.
Estimates of how much has been paid in ransom tend to be conservative because many payments are undisclosed. That said, the U.S. Department of Justice’s Internet Crime Complaint Center received reports of ransom payments totaling $24 million in 2015. And in July 2016, ransom payments for Cerber ransomware alone totaled $195,000 for the month. But the market is growing exponentially, and the FBI has said ransomware costs could total $1 billion this year.
The relatively low barrier to entry has resulted in fierce competition among cybercriminals. Some ransomware authors and cyber-extortionists have even adopted higher levels of professionalism to make it easier for victims to pay up. And, in an interesting angle to the supplier side, ransomware kits are easily available and come with simple instructions, meaning that distributors can sell ransomware to new, smaller distributors—as long as they are guaranteed a piece of the profits.
The ransomware economy is booming and returns are high. That means you can expect the number of ransomware attacks to continue rising. Protect yourself by having adequate backups in place before a ransomware attack occurs. Test your backups to ensure that the right data is being protected and can be restored in satisfactory time frames. Also, ensure that a backup copy is kept in a different location from production data so that ransomware does not infect both at the same time.
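The backup advice above is only worth anything if the restore is actually exercised. Here is an added example (not from the original post) of a small restore drill: it rebuilds a tree from the backup copy, checks every file against a hash manifest taken at backup time, checks that the restore fit inside an assumed recovery-time objective, and flags whether the backup lives on the same volume as production. The directory layout, file contents and `rto_seconds` are constructed for the demo.

```python
import hashlib, os, shutil, tempfile, time

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """Map relative path -> sha256 for every file under root (taken at backup time)."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest

def on_separate_volume(a, b):
    """True when the two paths sit on different filesystems (different st_dev)."""
    return os.stat(a).st_dev != os.stat(b).st_dev

def restore_and_verify(backup_dir, restore_dir, expected, rto_seconds):
    """Restore, then report missing files, hash mismatches and whether the RTO was met."""
    start = time.monotonic()
    shutil.copytree(backup_dir, restore_dir, dirs_exist_ok=True)
    elapsed = time.monotonic() - start
    restored = build_manifest(restore_dir)
    missing = sorted(set(expected) - set(restored))
    corrupted = sorted(p for p in expected if p in restored and restored[p] != expected[p])
    ok = not missing and not corrupted and elapsed <= rto_seconds
    return {"ok": ok, "missing": missing, "corrupted": corrupted, "elapsed": elapsed}

def demo(tamper_backup=False):
    """Constructed scenario: production tree, backup copy, then ransomware hits production.
    With tamper_backup=True the backup copy is damaged too, which the drill must catch."""
    base = tempfile.mkdtemp()
    prod, backup, restore = (os.path.join(base, d) for d in ("prod", "backup", "restore"))
    os.makedirs(prod)
    with open(os.path.join(prod, "ledger.csv"), "w") as f:
        f.write("acct,amount\n1,100\n")
    with open(os.path.join(prod, "notes.txt"), "w") as f:
        f.write("quarterly plan\n")
    manifest = build_manifest(prod)
    shutil.copytree(prod, backup)
    with open(os.path.join(prod, "ledger.csv"), "wb") as f:   # production file encrypted
        f.write(b"\x00garbage")
    if tamper_backup:
        with open(os.path.join(backup, "notes.txt"), "wb") as f:
            f.write(b"\x00garbage")
    result = restore_and_verify(backup, restore, manifest, rto_seconds=60)
    result["separate_volume"] = on_separate_volume(prod, backup)
    shutil.rmtree(base)
    return result
```

In a real drill the manifest comes from the backup job, `rto_seconds` from the business’s recovery-time objective, and a `separate_volume` of False is the finding that the copy would have been encrypted alongside production.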
This ties right into a central point of this series.
Here are some more links.
A ransomware PSA.
They need to run it in their own offices.
The week in ransomware.