Dark Web Ransomware Economy Growing
at an Annual Rate of 2,500%
at an Annual Rate of 2,500%
Rick McElroy, Security Strategist,
Carbon Black
Carbon Black
Param Singh, Director of Threat
Research, Carbon Black
Research, Carbon Black
CryptoLocker. GoldenEye. Locky. WannaCry. It’s
no secret that 2017 is shaping up to be the most notorious year on record for
ransomware. Even a casual news consumer can identify several, if not all, of
the menacing ransomware attacks that have cost worldwide businesses an
estimated $1 billion this year.
no secret that 2017 is shaping up to be the most notorious year on record for
ransomware. Even a casual news consumer can identify several, if not all, of
the menacing ransomware attacks that have cost worldwide businesses an
estimated $1 billion this year.
With ransomware illuminated in the
cybersecurity spotlight, Carbon Black’s Threat Analysis Unit (TAU) leveraged
its own intelligence network to investigate the deepest, darkest portions on
the web, where ransomware is currently being created, bought, and sold in burgeoning
underground economies.
cybersecurity spotlight, Carbon Black’s Threat Analysis Unit (TAU) leveraged
its own intelligence network to investigate the deepest, darkest portions on
the web, where ransomware is currently being created, bought, and sold in burgeoning
underground economies.
Our research found that,
from 2016 to 2017, there has been a 2,502% increase in the sale of ransomware
on the dark web. This increase is largely due to a simple economic principle –
supply and demand. Cybercriminals are increasingly seeing opportunities to
enter the market and looking to make a quick buck via one of the many
ransomware offerings available via illicit economies. In addition, a basic
appeal of ransomware is simple: it’s turnkey. Unlike many other forms of
cyberattacks, ransomware can be quickly and brainlessly deployed with a high
probability of profit.
from 2016 to 2017, there has been a 2,502% increase in the sale of ransomware
on the dark web. This increase is largely due to a simple economic principle –
supply and demand. Cybercriminals are increasingly seeing opportunities to
enter the market and looking to make a quick buck via one of the many
ransomware offerings available via illicit economies. In addition, a basic
appeal of ransomware is simple: it’s turnkey. Unlike many other forms of
cyberattacks, ransomware can be quickly and brainlessly deployed with a high
probability of profit.
As our research found, these dark web economies
are empowering even the most novice criminals to launch ransomware attacks via
do-it-yourself (DIY) kits and providing successful ransomware authors with
annual incomes into six figures.
are empowering even the most novice criminals to launch ransomware attacks via
do-it-yourself (DIY) kits and providing successful ransomware authors with
annual incomes into six figures.
Key Findings
1 –
There are currently 6,300+ estimated dark web marketplaces selling ransomware, with 45,000
product listings. The prices for do-it-yourself (DIY) kits range from
$0.50 to $3K. The median price is $10.50.
There are currently 6,300+ estimated dark web marketplaces selling ransomware, with 45,000
product listings. The prices for do-it-yourself (DIY) kits range from
$0.50 to $3K. The median price is $10.50.
2 –
Comparing 2016 vs. 2017 YTD, the ransomware marketplace on the dark web
has grown from $249,287.05 to $6,237,248.90, a growth rate of 2,502%.
This economy extorts, according to the FBI, ransom payments that totaled about
$1B in 2016, up from $24M in 2015.
Comparing 2016 vs. 2017 YTD, the ransomware marketplace on the dark web
has grown from $249,287.05 to $6,237,248.90, a growth rate of 2,502%.
This economy extorts, according to the FBI, ransom payments that totaled about
$1B in 2016, up from $24M in 2015.
3 –
Some sellers
of ransomware are making more than $100,000 per year simply retailing
ransomware. (This compares to $69,000 for a legitimate software
developer, according to figures from PayScale.com.)
Some sellers
of ransomware are making more than $100,000 per year simply retailing
ransomware. (This compares to $69,000 for a legitimate software
developer, according to figures from PayScale.com.)
4 –
The most notable innovations contributing to the proliferation and success of
the dark web ransomware economy have been the emergence of Bitcoin for ransom
payment, and the anonymity network, Tor, to mask illicit activities.
Bitcoin allows money to be transferred in a way that makes it nearly impossible
for law enforcement to “follow the money.” Bank transfers and credit card transactions
traditionally aid in the quick takedown of scams. Bitcoin means there’s no bank
to identify the account holder.
The most notable innovations contributing to the proliferation and success of
the dark web ransomware economy have been the emergence of Bitcoin for ransom
payment, and the anonymity network, Tor, to mask illicit activities.
Bitcoin allows money to be transferred in a way that makes it nearly impossible
for law enforcement to “follow the money.” Bank transfers and credit card transactions
traditionally aid in the quick takedown of scams. Bitcoin means there’s no bank
to identify the account holder.
5 –
Ransomware sellers are increasingly specializing in one specific
area of the supply chain, further contributing to ransomware’s boom and
economy development.
Ransomware sellers are increasingly specializing in one specific
area of the supply chain, further contributing to ransomware’s boom and
economy development.
-END-
For a
more in-depth discussion with Carbon Black executives on ransomware trends,
please contact Avril Sindhu at +65 3157 5632 or email carbonblack@yingcomms.com.
more in-depth discussion with Carbon Black executives on ransomware trends,
please contact Avril Sindhu at +65 3157 5632 or email carbonblack@yingcomms.com.
Please
find below Carbon Black’s recent headlines, which may interest you:
find below Carbon Black’s recent headlines, which may interest you:
·
Carbon Black Continues to Serve as the Weapon of Choice
When the World’s Leading Firms with Incident Response (IR) Services Battle
Attackers Carbon Black announced that more than 50 of
the world’s leading firms for incident response (IR) services use Carbon Black
as their weapon of choice when battling attackers. Protiviti is the latest firm
to join Carbon Black’s global program. Carbon Black’s Cb Response empowers
Protiviti’s proactive incident response (threat hunting) services to more
efficiently review endpoint processes, persistence mechanisms, and other
unusual activity through a single interface.
Carbon Black Continues to Serve as the Weapon of Choice
When the World’s Leading Firms with Incident Response (IR) Services Battle
Attackers Carbon Black announced that more than 50 of
the world’s leading firms for incident response (IR) services use Carbon Black
as their weapon of choice when battling attackers. Protiviti is the latest firm
to join Carbon Black’s global program. Carbon Black’s Cb Response empowers
Protiviti’s proactive incident response (threat hunting) services to more
efficiently review endpoint processes, persistence mechanisms, and other
unusual activity through a single interface.
·
Carbon Black Unveils Vision for Market’s First Predictive
Security Cloud™ at Cb Connect User Conference Carbon
Black unveiled its vision for the market’s first Predictive Security Cloud™ at
Cb Connect, Carbon Black’s annual user conference in San Francisco. The Predictive Security Cloud is a
software platform built on an extensible, cloud-scalable architecture, which
consolidates endpoint data in the cloud for analytics to provide
industry-leading protection from both malware and non-malware attacks.
Carbon Black Unveils Vision for Market’s First Predictive
Security Cloud™ at Cb Connect User Conference Carbon
Black unveiled its vision for the market’s first Predictive Security Cloud™ at
Cb Connect, Carbon Black’s annual user conference in San Francisco. The Predictive Security Cloud is a
software platform built on an extensible, cloud-scalable architecture, which
consolidates endpoint data in the cloud for analytics to provide
industry-leading protection from both malware and non-malware attacks.
For the LATEST tech updates,
FOLLOW us on our Twitter
LIKE us on our FaceBook
SUBSCRIBE to us on our YouTube Channel!
