Ransomware is a special type of malware that locks, or claims to lock, your files and folders; it then demands a certain amount of money before you are given access back to your data. If you don’t pay, you don’t get access to your data (unless you had a pre-ransomware backup). Ransomware has been around for a long time, but it appears that the technique is finally paying dividends to criminals — to the tune of $5 million a year.
As part of their investigation for the Ransomware: A Growing Menace study, Symantec was able to gain access to the command-and-control server of one widespread ransomware scam. Over the period of one month, Symantec tracked 68,000 unique IP addresses connecting to the server (presumably 68,000 victims). On one particular day, 5,700 unique IP addresses connected to the server (presumably 5,700 victims), of which 168 paid the $200 ransom. That is a payment rate of about 2.9%; applied to the 68,000 victims seen over the month at $200 each, Symantec extrapolated that the people running the scam made roughly $394,400 in a month:
Symantec was able to track another cybercrime gang and found 500,000 unique IP addresses connecting to that particular ransomware server over a period of 18 days.
This data has led Symantec to proclaim, as “a conservative estimate,” that “over $5 million dollars a year” is being earned by criminals using ransomware. Symantec further notes that “the real number is, however, likely much higher” than $5 million a year.
To rub salt in the wound, Symantec mentions something that most security experts already know about ransomware — paying doesn’t always mean you will get your files back:
A lot of individuals do pay up, either because they believe the messages or because they realize it is a scam but still want to restore access to their computer. Unfortunately, even if a person does pay up, the fraudsters often do not restore functionality. The only reliable way to restore functionality is to remove the malware.
$5 million. A year. I should get into this business.