Skip to main content

Ransomware victims handed over $25 million in payments in the last two years

(Image credit: Image source: Shutterstock/Martial Red)

Ransomware victims have paid more than $25 million in the past two years to get their data back, a new study by Google has shown.

The report (opens in new tab), made by researchers at Google, Chainalysis, UC San Diego, and the NYU Tandon School of Engineering, followed the trail of cryptomoney through the blockchain, allowing researchers to get a birds-eye view of the ransomware world. 

A total of 34 ransomware families were tracked, but only a handful made most of the profit. This includes Locky, whose epidemic forced more than $7 million in payments.

Locky was the first ransomware to split payment and encryption infrastructure from distribution, allowing it to spread faster and go further. 

Locky’s big advantage was the decoupling of the people who maintain the ransomware from the people who are infecting machines,” says NYU professor Damon McCoy, who worked on the project. “Locky just focused on building the malware and support infrastructure. Then they had other botnets spread and distribute the malware, which were much better at that end of the business.”

However, the company was not able to confirm how much of that money made it back to the ransomware creators.

The report also says ransomware creators are getting smarter when it comes to avoiding antivirus software. Once a malware is discovered, the software looks for identical binaries. However, if the binary changes, antivirus can no longer identify the malware. 

Cerber ransomware, for example, made “thousands of binaries” a month, making it extremely hard to be tracked.

Image source: Shutterstock/Martial Red

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.