For the longest time, people have assumed the profits made from ransomware attacks is very lucrative. But a recent study by Flashpoint paints an entirely different picture. While there is still money to be made, the numbers are far lower than most people think they are.
Flashpoint conducted a five-month study of a Russian ransomware operation to see how lucrative this business model is. As it turns out, the operators of this service make far less money than most people anticipated. The “upper brass” makes US$90k per year, which is still a nice amount, but not that high all things considered.
Flashpoint Study Reveals Intriguing Details
The study by Flashpoint investigated a particular group of criminals offering ransomware-as-a-service. Their primary targets seem to be corporations and individual users in the Western world. Organizing these campaigns and hiring partners to ensure the malware is delivered, nets criminals US$7,500 per month.
What is noteworthy is how the Flashpoint research indicates these crime rings usually rely on personal relationships. With no central command and control infrastructure, affiliates get carte blanche as to how they distribute ransomware. Moreover, they need to keep tabs on how many and which systems have been infected successfully.
Despite the growing number of reported ransomware infections, the Russian crime group only collected thirty payments of US$300 per month. This goes to show consumers and enterprises are becoming far more vigilant when it comes to malware. Moreover, fewer people are willing to pay the fee and will take a small data loss after restoring file access from a backup.
Ransomware-as-a-service bosses take a 60% of the fee paid, whereas affiliates receive 40% for their efforts. Spreading malware is far from a glorious job, to say the last, and the pay is not all that great either. However, there are nearly no entry barriers for anyone willing to venture into the world of internet criminality.
There is also a vast distinction to be made between the widespread ransomware distribution attack, and its more sophisticated and targeted counterpart. This latter approach will net far bigger rewards, albeit it requires a lot more work. Victims have to be carefully selected and vetted before spreading the payload. However, the reward is well worth the effort.
What are your thoughts on the amount of money to be made with ransomware/? Let us know in the comments below!
Source: Dark Reading
Images courtesy of Flashpoint, Shutterstock