With the sequence of events that have unfolded in the recent past, it is evident that ransomware is among the most common type of malware used by cybercriminals to earn financial gains by injecting malicious software into a computer or a network of computers with the sole intent of causing harm to the data inside the device.
As much as the underlying concepts under which they operate are the same, the ransomware attacks differ in terms of functionality, with some having the capacity to do more damage when compared to others.
With that said, we cannot do away with the fact that technological advancements are bringing about drastic changes which are making hackers develop even more complex malware programs.
How Does Ransomware Work?
In the simplest explanation, ransomware operates by taking control of an individual or a group of computers connected to a network, locking up the files and then demanding payments in the form of digital currencies, the most preferred being Bitcoin.
During this time, the malware tends to threaten the affected party in a manner that they may get coerced into paying the set amount requested in the ransom.
At first, they are prompted to pay a certain amount within a specific timeframe, and if they don’t, the amount increases. Further failure to cooperate with the hacker leads to the files getting deleted from the device for good.
When this happens, it is advisable not to pay because it may result in a double loss in the sense that you lose the money and your files don’t get unlocked.
Despite the warning, there are those who still made payments. But what remains unclear is if they all got back their data which, in a majority of cases, contained very crucial and confidential business documents.
Experts say that making the payments shows attackers that they can earn from orchestrating the attacks, and this makes businesses prone to different forms of ransomware attacks over time.
In short, making payments is similar to supporting cyberattacks.
From this, it is evident that even though Bitcoin has shaped the crypto world, it has enabled hackers to extort individuals and organizations through this type of attack.
How to Protect Yourself
Since most ransomware attacks occur when the victim clicks on malicious links and inadvertently downloads corrupted software, the targeted individual or organization should take steps to ensure that they do not fall into either of these traps, as they carry the potential of crippling operations.
For companies, the best way to go about it is to train the employees who are involved in the day-to-day online activities because it is through emails that the virus spreads.
It is also advisable to backup content on a separate server so that in the event the central systems are down, corrupted or destroyed as a result of ransomware or any other cause, then it becomes relatively easy for the affected entity to retrieve the data and move on.
The steps are few but save a great deal since the effect of ransomware has been seen and felt before. In some instances, the consequences can be catastrophically severe because some target nuclear facilities, hospitals, and even airports.
In some of the above cases that are targets, the effects can even be life-threatening. A good example is an attack on a nuclear facility which forced staff to monitor radiation manually and a hospital where if records of a critically ill patient are missing, then the situation might turn from bad to worse.
For this reason, we indeed see that the statement “prevention is better than cure” holds water.
Amounts Earned by Cybercriminals over the Years
Since Bitcoin is the primary mode of payment used by ransomware attackers, one team of researchers from Italy did a study to find out how much money was sent to the addresses provided by ransomware operators.
The research team first began their work in 2013 after the ransomware CryptoLocker, which is known to be the very first ransomware to demand payment in the form of Bitcoin.
In their quest to discover how much was earned over time by the attackers, they used the Bitcoin address that was provided by the attackers. By going to the public Bitcoin blockchain, they were able to monitor the funds that have been sent to the wallets the hackers provided after the orchestration of each attack.
Even though the attackers’ wallets were used for other transactions, the research team was able to differentiate between which payment was used for a different cause and which one was from a ransomware attack.
The mode of differentiation is straightforward—they simply checked the amount that was demanded after each attack, and if it were similar as to what appeared on the Bitcoin network, then they would conclude that it is a ransom payment.
The researchers further went ahead to provide an in-depth analysis of the modus operandi of the ransomware operators to give interested parties an insight of what hackers have earned over the years from perpetuating the vice.
In their research, it was revealed that of the some of the ransomware attacks spread through multiple vectors and in each case, it generated a unique Bitcoin address. So, from this, we can note that the perpetrators used not one but different addresses to collect payments from time to time.
By analyzing their findings, the researchers found that the total amount collected from ransomware over the past five years is over $45 million. Given the nature of the activities that are going on in the cyber world, this amount is going to increase.
Since statistics maybe crucial to a variety of persons, the team found it to the best of their interest to reveal what they had found out. In turn, this will help those who are engaging in a similar type of research since they may use the statistics and compare it to what they have to come up with a better view of how hackers benefit.
In the future, the team hopes to analyze the transactions further to determine the exact manner in which the funds earned by culprits were spent.
Ransomware on the Dark Web
Ransomware attacks fall under the cybercrime category and, according to an analysis by Dark Web News, drugs and cybercrime are the top profiteering businesses conducted on the dark web.
According to research by Carbon Black, a cybersecurity firm based in the U.S., the sale of ransomware grew by over 2500 percent in the last quarter of 2017 as compared to the same time the previous year.
From this, it is clear that fugitives have found an exclusive hub for purchasing malware of this type, a clear indication that in the year 2018 and years to come, we are likely to see more entities getting affected because of the availability of ransomware on the dark web.
The latest instance is an emerging ransomware named Thanatos, which is the first to demand Bitcoin Cash. It also accepts payment in the form of Ethereum and Bitcoin.
So apart from expecting an increase in the number of ransomware attacks, we are also likely to see them demanding payments in other forms of digital currencies.