Over the past two years, 35 unique ransomware incidents caused cybercriminals a profit of approximately $25 million.
This data originated from a study by Google and the NYU Tandom School of Engineering. The results of the data concluded that the top ransomware earners were Locky, Cerber and CryptXXX that earned $7.8 million, $6.9 million and $1.9 million, respectively.
The trick with Locky is that its creators concentrated on malware development and finessing the supporting botnet structure. The reason the malware spreads faster and wider that other ransomware is because development and distribution were kept separate. Locky has hence generated more than 28 percent of the $25 million earned by ransomware since 2016.
According to Google, the writers behind CyptoLocker, Locky and Cerber have improved avoiding detection by the means of producing malware that can automatically change binaries. Google claims this to be the key when it comes to finding a way around antimalware protection.
However, this study also shows that ransomware attacks such as WannaCry and NotPetya were unsuccessful at acquiring the ‘ransom’. This was due to the fact that it was more a ‘wiper’ malware that did not really comply to the typical ransomware attributes. Kylie McRoberts, a senior strageist with Google’s Safe Browsing team called the wiper malware trend ‘the rise of the ransomware impostors’.
Researchers have also stated that ransomware will be more common and extensive in the upcoming year, as will the number of impostors who have intentions of causing more damage than extort money.
“Ransomware is here to stay and we will have to deal with for a long time to come,” said Kylie McRoberts.