Cybercrime is a profitable business. Last week we reported that, according to security experts at Check Point, the creators of the Nuclear EK are gaining nearly 100K USD each month; most victims are in Europe and the US.
What about ransomware?
According to a new analysis published by the security firm Flashpoint, a small gang of crooks could find a ransomware campaign very profitable.
The researchers from the security firm Flashpoint have been following a ransomware-as-a-service campaign operated by a Russian gang since December 2015. The experts tracked the activities of the group, including the payment processes, the recruitment of new members for specific tasks, and the distribution of the malware.
The researchers identified the leader of the gang, a cyber criminal active since at least 2012, and then observed how he recruited other members to organize the ransomware campaign.
“Based on our coverage of the Deep & Dark Web, this particular ransomware crime boss has been active since at least 2012. His primary institutional targets have included corporations and individuals in various Western countries. Based on multiple indicators, it appears that the ransomware boss operates out of Russia.” states the report published by Flashpoint.
The leader recruited people with the promise of sharing the profits from his campaign. The boss's intent was to hire low-level cybercriminals without specific coding skills to help him reach out to users in the Russian underground on the Deep Web.
“This offer is for those who want to earn a lot of money via, shall we say, not a very righteous path. No fees or advance payments from you are required, only a large and pure desire to make money in your free time,” states the recruitment notice appeared in the .
“It is desirable, of course, that you have already had some minimal experience in this business. But if you have no experience, it is not a problem. In addition to the file, you will receive detailed instructions on how and what to do – even a schoolboy could do it; you need only time and desire.”
The recruitment activities allowed the boss to hire 10 to 15 affiliates who helped him spread the ransomware via:
When victims are infected, the gang requests the payment of a $300 fee to rescue the encrypted files; communications with the victim are handled directly by the boss.
As usual, the payment is in Bitcoin, and the money is laundered via Bitcoin exchanges.
The boss compensated the affiliates with 40 percent of the ransom, keeping the rest for himself.
The researchers followed the payments, discovering that at least 30 ransoms were paid by victims, netting the boss around $90,000 a year and his affiliates an average of $600 a month, depending on their ability to spread the ransomware. Larger ransomware gangs will trouser far larger sums, of course, as much as $90,000 a week or more.
The data are very interesting: if we consider larger organizations, we can speculate that they are able to earn sums of more than hundreds of thousands of dollars per month.
Below are the key findings shared by the security firm:
We all know that cyber crime is a risky activity, but less so than other conventional crimes. The members of the gang risk long, severe sentences, but the financial gains are attractive because they are higher compared to the gains of an average Russian citizen.
(Security Affairs – ransomware, cybercrime)