1.888.900.DRIZ (3749)
The Driz Group
  • Managed Services
    • SME CyberShield
    • Web Application Security >
      • Schedule WAF Demo
    • Virtual CISO
    • Compliance >
      • SOC1 & SOC2
      • GDPR
    • Third-Party Risk Management
    • Vulnerability Assessment >
      • Free Vulnerability Assessment
  • About us
    • Testimonials
    • Meet The Team
    • Resources
    • In the news
    • Careers
    • Subsidiaries
  • Contact
    • Newsletter
  • How WAF Works
  • Blog
  • Managed Services
    • SME CyberShield
    • Web Application Security >
      • Schedule WAF Demo
    • Virtual CISO
    • Compliance >
      • SOC1 & SOC2
      • GDPR
    • Third-Party Risk Management
    • Vulnerability Assessment >
      • Free Vulnerability Assessment
  • About us
    • Testimonials
    • Meet The Team
    • Resources
    • In the news
    • Careers
    • Subsidiaries
  • Contact
    • Newsletter
  • How WAF Works
  • Blog

Cybersecurity Blog

Thought leadership. Threat analysis. Cybersecurity news and alerts.

7/31/2017

0 Comments

Ransomware Victims Have Paid $25 Million in the Span of 2 Years

 
Ransomware arrives by email

Ransomware Victims Have Paid $25 Million in the Span of 2 Years, Google-Led Study Shows

Since 2016, ransomware victims have paid over $25 million to cyber criminals, this according to a new Google-led study – with inputs from the University of California San Diego (UCSD), New York University (NYU) and Chainalysis researchers.
 
Google researchers – Elie Bursztein, Kylie McRoberts, Luca Invernizzi – in the study called “Tracking desktop ransomware payments end to end” found that over the period of 2 years, ransomware criminals have earned a total of $25,253,505.
 
"A niche term just two years ago, ransomware has rapidly risen to fame in the last year, infecting hundreds of thousands of users, locking their documents, and demanding hefty ransoms to get them back,” Bursztein, McRoberts and Invernizzi said. “In doing so, it has become one of the largest cybercrime revenue sources, with heavy reliance on Bitcoins and Tor to confound the money trail.”
 
According to Google, since 2016, there has been an 877% increase in the search queries of the keyword “ransomware” – the term used to refer to a malware that encrypts victims’ computers and demands a ransom payment for the key to unlock the computer.
 
The top 10 ransomware earners, according to the Google-led study, are Locky ransomware (with a total $7.8 million earning), followed by Cerber ($6.9 million), CryptoLocker ($2 million), CryptXXX ($1.9 million), SamSam ($1.9 million), CrytoWall ($1.2 million), AINamrood ($1.2 million), TorrentLocker ($1 million), Spora ($0.8 million) and CoinVault ($0.2 million).
 
According to the study, a ransomware goes through the following process:
  1. Victim's computer is infected.
  2. Victim is shown a ransom note.
  3. Victim visits payment site.
  4. Victim buys bitcoin.
  5. Ransom payment moves across multiple bitcoin wallets.
  6. Criminals accumulate bitcoins then sell them for currency.

Locky Ransomware

​Aside from being the top grossing ransomware since 2016, the Google-led study cited Locky as one of the notable ransomware for being the first ransomware to earn $1 million per month.
                                     
The Google-led study said Locky brought “ransoms to the masses”. This ransomware first appeared in February 2016. According to Symantec, cyber criminals aggressively spread this malware by using compromised websites and massive spam campaigns. This malware encrypts files on victims’ computers and demands ransom payment.
 
Allen Stefanek, president and CEO, Hollywood Presbyterian Medical Center, publicly admitted that as a result of Locky ransomware attack, the hospital paid 40 bitcoins – equivalent to nearly $17,000. “The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key,” Stefanek said. “In the best interest of restoring normal operations, we did this.”

Cerber Ransomware

​This ransomware is another notable ransomware cited by the study for its consistent income of $200,000 per month for over a year. This malware first appeared in February 2016.
 
According to Kaspersky Lab, this ransomware, also dubbed as a “multipurpose malware”, when executed via email attachment, encrypts files and demands money for their safe return. This ransomware, according to Kaspersky Lab, also infects computers for other purposes such as for a distributed denial of service (DDoS) attack or as a spambot.

Wipeware vs. Ransomware

Worthy to note is that the Google-led study didn’t include WannaCry and NotPetya (also known as Petya) as part of the top 10 top highest grossing ransomware in the past two years. WannaCry was only ranked 11th, with a total of $0.1 million earning.
 
The Google-led study classified WannaCry and NotPetya as ransomware “impostors”. The study found that even if WannaCry and NotPetya victims pay ransom, they still couldn’t unlock their computers. "Wipeware pretending to be ransomware is on the rise." the researchers noted.
 
Matt Suiche from Comae Technologies, who concluded that NotPetya is a wiper, not a ransomware, explained the difference between a wiper and ransomware:
​
"The goal of a wiper is to destroy and damage. The goal of a ransomware is to make money. Different intent. Different motive. Different narrative. A ransomware has the ability to restore its modification such as (restoring the MBR like in the 2016 Petya, or decrypting files if the victim pays) – a wiper would simply destroy and exclude possibilities of restoration."
 
WannaCry first appeared last May 12; NotPetya first appeared last June 27. While WannaCry affected hundreds of thousands of computers around the world, NotPetya only affected tens of thousands of computers worldwide. The glaring similarity between WannaCry and NotPetya is how they affected major government institutions and big companies.
 
WannaCry disrupted the operations of UK’s National Health Service, Renault's assembly plant in Slovenia, U.S. express delivery company FedEx and Spanish telecommunications company Telefonica. NotPetya, meanwhile, disrupted the operations of the Chernobyl nuclear plant, Danish shipping firm Maersk, U.S.-based pharmaceutical company Merck, Cadbury and Oreo-maker Mondelez and Russian oil and gas giant Rosneft.

How to Protect Your Organization from Ransomware and Wipeware

Here are 4 tips on how to protect your organization from ransomware and wipeware:

1. Backup Your Data
According to the Google-led study, ransomware criminals were able to inflict significant damage to their victims as only 37% of computer users backup their data.
 
In today’s digital world, organizations’ effectively operate because of data availability. Given the importance of data in your organization, this important commodity should be protected at all cost.
 
When it comes to data backup, having one backup file may not be enough to safeguard your organization’s data. The United States Computer Emergency Readiness Team (US-CERT) recommends organizations to follow the “3-2-1 rule”:
  • Rule 3: Store 3 copies of any important file – 1 primary and 2 backups.
  • Rule 2: Store the files on 2 different media types to protect against different types of hazards.
  • Rule 1: Keep 1 copy offsite (e.g., outside the business facility).
 
2. Keep Your Operating System and Other Software Updated
Microsoft’s Windows 10 update, for instance, can help detect the latest batch of Cerber ransomware.
 
3. Disable Loading of Macros in Office Programs
“To help prevent malicious files from running macros that might download malware automatically, we recommend you change your settings to disable all except digitally signed macros,” Microsoft said.
 
4. Think before You Click
Refrain from opening emails from senders you don’t recognize. Don't click or open the following attachments:
  • Files with .LNK extension
  • Files with double dot extension (for example, profile-d39a..wsf)
  • Files with .wsf extension
0 Comments

Your comment will be posted after it is approved.


Leave a Reply.

    Author

    Steve E. Driz, I.S.P., ITCP

    Picture
    View my profile on LinkedIn

    Archives

    March 2025
    February 2025
    January 2025
    November 2024
    October 2024
    September 2024
    July 2024
    June 2024
    April 2024
    March 2024
    February 2024
    January 2024
    December 2023
    November 2023
    October 2023
    September 2023
    August 2023
    July 2023
    June 2023
    May 2023
    April 2023
    March 2023
    February 2023
    January 2023
    December 2022
    June 2022
    February 2022
    December 2021
    November 2021
    October 2021
    September 2021
    August 2021
    July 2021
    June 2021
    May 2021
    April 2021
    March 2021
    February 2021
    January 2021
    December 2020
    November 2020
    October 2020
    September 2020
    August 2020
    July 2020
    June 2020
    May 2020
    April 2020
    March 2020
    February 2020
    January 2020
    December 2019
    November 2019
    October 2019
    September 2019
    August 2019
    July 2019
    June 2019
    May 2019
    April 2019
    March 2019
    February 2019
    January 2019
    December 2018
    November 2018
    October 2018
    September 2018
    August 2018
    July 2018
    June 2018
    May 2018
    April 2018
    March 2018
    February 2018
    January 2018
    December 2017
    November 2017
    October 2017
    September 2017
    August 2017
    July 2017
    June 2017
    May 2017
    April 2017
    March 2017
    February 2017
    January 2017
    December 2016
    October 2016
    August 2016
    May 2016
    March 2016
    January 2016
    November 2015
    October 2015
    August 2015
    June 2015

    Categories

    All
    0-Day
    2FA
    Access Control
    Advanced Persistent Threat
    AI
    AI Security
    Artificial Intelligence
    ATP
    Awareness Training
    Blockchain
    Botnet
    Bots
    Brute Force Attack
    CASL
    Cloud Security
    Compliance
    COVID 19
    COVID-19
    Cryptocurrency
    Cyber Attack
    Cyberattack Surface
    Cyber Awareness
    Cybercrime
    Cyber Espionage
    Cyber Insurance
    Cyber Security
    Cybersecurity
    Cybersecurity Audit
    Cyber Security Consulting
    Cyber Security Insurance
    Cyber Security Risk
    Cyber Security Threats
    Cybersecurity Tips
    Data Breach
    Data Governance
    Data Leak
    Data Leak Prevention
    Data Privacy
    DDoS
    Email Security
    Endpoint Protection
    Fraud
    GDPR
    Hacking
    Impersonation Scams
    Incident Management
    Insider Threat
    IoT
    Machine Learning
    Malware
    MFA
    Microsoft Office
    Mobile Security
    Network Security Threats
    Phishing Attack
    Privacy
    Ransomware
    Remote Access
    SaaS Security
    Social Engineering
    Supply Chain Attack
    Supply-Chain Attack
    Third Party Risk
    Third-Party Risk
    VCISO
    Virtual CISO
    Vulnerability
    Vulnerability Assessment
    Web Applcation Security
    Web-applcation-security
    Web Application Firewall
    Web Application Protection
    Web Application Security
    Web Protection
    Windows Security
    Zero Trust

    RSS Feed

Picture

1.888.900.DRIZ (3749)

Managed Services

Picture
SME CyberShield
​Web Application Security
​Virtual CISO
Compliance
​Vulnerability Assessment
Free Vulnerability Assessment
Privacy Policy | CASL

About us

Picture
Testimonials
​Meet the Team
​Subsidiaries
​Contact us
​Blog
​
Jobs

Resources & Tools

Picture
​Incident Management Playbook
Sophos authorized partner logo
Picture
© 2025 Driz Group Inc. All rights reserved.
Photo from GotCredit