Ransomware campaigns … how to net $90,000 per year

Experts at Flashpoint published an interesting analysis of a ransomware campaign organized by a small gang of cyber criminals.

Cybercrime is a profitable business, last week we reported that according to security experts at Check Point, the creators of the Nuclear EK are gaining nearly 100K USD each month, most victims are in Europe and US.

What about ransomware?

According to a new analysis published by the security firm Flashpoint, a small gang of crooks could find very profitable a ransomware campaign.

The researchers from the security firm Flashpoint has been following a ransomware-as-a-service campaign operated by a Russian gang since December 2015. The experts tracked the activities of the group, including the payment processes, the recruitment of new members for specific tasks, and the distribution of the malware.

The researcher identifies the leader of the gang, a cyber criminal active since at least 2012, then they observed how he recruited other members to organize the ransomware campaign.

“Based on our coverage of the Deep & Dark Web, this particular ransomware crime boss has been active since at least 2012. His primary institutional targets have included corporations and individuals in various Western countries. Based on multiple indicators, it appears that the ransomware boss operates out of Russia.” states the report published by FlashPoint.

The leader recruited people with the promise of sharing the profits from his campaign. The boss intent was to hire low-level cybercriminals without specific coding skills to help him reaching out to users in the Russian underground on the Deep Web.

“This offer is for those who want to earn a lot of money via, shall we say, not a very righteous path. No fees or advance payments from you are required, only a large and pure desire to make money in your free time,” states the recruitment notice appeared in the .

“It is desirable, of course, that you have already had some minimal experience in this business. But if you have no experience, it is not a problem. In addition to the file, you will receive detailed instructions on how and what to do – even a schoolboy could do it; you need only time and desire.”

The recruitment activities allowed the boss to hire 10 to 15 affiliates that helped him in spreading the ransomware via:

• Botnet installs
• Email and social media phishing campaigns
• Compromised dedicated servers
• File-sharing websites

When the victims are infected the gang requests the payment of a $300 fee to rescue to encrypted files, the communications with the victim are handled directly by the boss.

As usual, the payment is in Bitcoins and the money was laundered via Bitcoin exchanges.

The boss compensated the affiliates with 40 percent of the ransom keeping for himself the rest.

The researchers followed the payments discovering that at least 30 ransom were paid by victims, netting the boss around $90,000 a year and his affiliates an average $600 a month depending on their abilities to spread the ransomware. Larger ransomware gangs will trouser far larger sums, of course, as much as $90,000 a week or more.

The data are very interesting if we consider larger organization we can speculate that they are able to earn sums, more than hundreds of thousands of dollars per month.

Below the key findings shared by the security firm:

• From the ransomware affiliate perspective, such campaigns have significantly lowered the barriers for entry for low-tier Russian cybercriminals.
• Ransomware revenue amounts are not as glamorous and fruitful as they are often publicly reported. Average ransomware crime bosses make only $90K per year on average.
• Our findings dispute the common perceptions of cybercriminals as being larger-than-life, smart, well off, unreachable, undoxable, and unstoppable. The report provides the complete payout structure and Bitcoin laundering operation related to the ransomware-as-a-service campaign
• The report provides the complete payout structure and Bitcoin laundering operation related to the ransomware-as-a-service campaign.

We all know that cyber crime is a risky activity, but less than other conventional crimes. The members of the gang risk long severe sentences, but the financial gains are attractive because they are higher compared the gains of an average Russian citizen.

If you appreciate my effort in spreading cyber security awareness, please vote for Security Affairs as best European Security Blog. Vote SecurityAffairs in every section it is reported. I’m one of the finalists and I want to demonstrate that the Security Affairs community a great reality.

https://www.surveymonkey.com/r/secbloggerwards2016

Thank you

Pierluigi

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – ransomware, cybercrime)