Dark Web Ransomware Economy Growing at an Annual Rate of 2,500%
Rick McElroy, Security Strategist, Carbon Black & Param Singh, Director of Threat Research, Carbon Black
CryptoLocker. GoldenEye. Locky. WannaCry. It’s no secret that 2017 is shaping up to be the most notorious year on record for ransomware. Even a casual news consumer can identify several, if not all, of the menacing ransomware attacks that have cost worldwide businesses an estimated $1 billion this year.
With ransomware illuminated in the cybersecurity spotlight, Carbon Black’s Threat Analysis Unit (TAU) leveraged its own intelligence network to investigate the deepest, darkest portions of the web, where ransomware is currently being created, bought, and sold in burgeoning underground economies.
Our research found that, from 2016 to 2017, there has been a 2,502% increase in the sale of ransomware on the dark web. This increase is largely due to a simple economic principle – supply and demand. Cybercriminals are increasingly seeing opportunities to enter the market and looking to make a quick buck via one of the many ransomware offerings available via illicit economies. In addition, a basic appeal of ransomware is simple: it’s turnkey. Unlike many other forms of cyberattacks, ransomware can be quickly and brainlessly deployed with a high probability of profit.
As our research found, these dark web economies are empowering even the most novice criminals to launch ransomware attacks via do-it-yourself (DIY) kits and providing successful ransomware authors with annual incomes reaching six figures.
1 – There are currently 6,300+ estimated dark web marketplaces selling ransomware, with 45,000 product listings. The prices for do-it-yourself (DIY) kits range from $0.50 to $3K. The median price is $10.50.
2 – Comparing 2016 vs. 2017 YTD, the ransomware marketplace on the dark web has grown from $249,287.05 to $6,237,248.90, a growth rate of 2,502%. This economy extorts, according to the FBI, ransom payments that totaled about $1B in 2016, up from $24M in 2015.
3 – Some sellers of ransomware are making more than $100,000 per year simply retailing ransomware. (This compares to $69,000 for a legitimate software developer, according to figures from PayScale.com.)
4 – The most notable innovations contributing to the proliferation and success of the dark web ransomware economy have been the emergence of Bitcoin for ransom payment, and the anonymity network, Tor, to mask illicit activities. Bitcoin allows money to be transferred in a way that makes it nearly impossible for law enforcement to “follow the money.” Bank transfers and credit card transactions traditionally aid in the quick takedown of scams. Bitcoin means there’s no bank to identify the account holder.
5 – Ransomware sellers are increasingly specializing in one specific area of the supply chain, further contributing to ransomware’s boom and the development of its economy.