Ransomware is now big business on the dark web and malware developers are cashing in

Some ransomware sellers are now pocketing salaries of over $100,000 a year.
Written by Danny Palmer, Senior Writer


The total value of ransomware sales on dark web marketplaces has rocketed from $250,000 to over $6m in just a year, as demand for the file-encrypting malware grows.

Ransomware has hardly been away from the public eye this year, with the global outbreak of WannaCry making it a bringer of global chaos, while prominent ransomware families like Cerber and Locky continue to be a thorn in the side of organisations around the world.

Ransomware has become a lucrative tool for cybercriminals as it's easy to buy if you know where to look, attacks are easy to carry out and, perhaps most crucially, a large percentage of victims are willing to give in to the ransom demands of criminals in order to regain access to their systems.



Researchers at Carbon Black monitored dark web forums for offerings of ransomware and have estimated that the marketplace has grown to be worth $6,237,248.90, representing a 2,502 percent increase in the sale of ransomware since 2016.

The prices of ransomware for sale ranged from $3,000 for custom-built ransomware to just $1 for a basic screen locker targeting Android devices, with the most common way to make payments being in Bitcoin, as its anonymous nature makes it difficult to track transactions.

Analysis of the underground marketplaces also found a clone of Philadelphia ransomware on sale for just $1, way below the 'real' version's $400 selling point, once again demonstrating that there's no honour among thieves in the world of cyber crime.


Analysis by Carbon Black researchers has calculated that some ransomware vendors are making more than $100,000 a year, simply by selling ransomware -- and unlike legitimate software developers, it's highly unlikely ransomware vendors will be paying tax on their earnings.

"They are pulling in these salaries by selling one of several components of the ransomware supply chain or by selling complete, do-it-yourself, ransomware kits," Rick McElroy, security strategist at Carbon Black, told ZDNet.

"The overall ransomware economy is expanding into goods and service, much like the regular markets we participate in during our daily lives."

While small-time scammers do want a piece of the ransomware pie, much of the marketplace is controlled by specialised, organised gangs.

Because of this specialisation, The Ransomware Economy report warns, ransomware attacks are more likely to succeed -- especially if threat actors take the time to customise attacks for specific targets, or even distribute kits which enable even those with no skill to do so. That means the power to attack is in the hands of anyone looking to make illicit profits.

"We don't expect the ransomware market to slow down until businesses and consumers take the threat seriously. As long as there's money to be made, cybercriminals will keep attacking," says McElroy.

While some cybercriminals are going all-in on ransomware, a recent report says senior figures in the ransomware fraternity believe that the number of amateurs getting involved and carrying out poorly implemented campaigns is going to lead to the downfall of the malware as a money-making tool.
