Ransomware ‘here to stay’ says Google
27 Jul 2017by Chloe Green
Charities are being warned to protect themselves from ransomware after researchers from Google said it is ‘here to stay’.
The study by the tech giant estimates that cyber-thieves profited to the tune of at least £19m from ransomware
activities in the last two years. The majority of that sum was made in 2016 as gangs realised how lucrative it was, Google executives told delegates at a conference in the US.
"It's become a very, very profitable market and is here to stay," commented Elie Bursztein, one of the Google researchers responsible for the study.
Ransomware is malicious software that infects a machine and then encrypts or scrambles files so they can no longer be used or read. The files are only decrypted when a victim pays a ransom. Payments typically have to be made using the Bitcoin virtual currency
Payment analysis of the Bitcoin blockchain, which logs all transactions made using the e-currency, revealed the two ransomware strains that made the most money over the last year, with Locky collecting about $7.8m (£5.9m) and Cerber $6.9m (£5.2m).
The research project also revealed where the cash flowed and accumulated in the Bitcoin network and where it was converted back into cash. More than 95% of Bitcoin payments for ransomware were cashed out via Russia's BTC-e exchange.
"Ransomware is a fast-moving market," Bursztein added. "There's aggressive competition coming from variants such as SamSam and Spora," before he went on to explain that novel variants were expanding quickly and many were encouraging fast expansion by paying affiliates more if they placed the malware on to large numbers of machines. The ransomware as a service model was already proving popular, he warned.
"It's no longer a game reserved for tech-savvy criminals," he said. "It's for almost anyone."