Ransomware Is Big Business on the Dark Web

Print Email

There are currently an estimated 45,000 ransomware products for sale at more than 6,300 dark web marketplaces at a median price of just $10.50. The market for these products has grown from around $250,000 in 2016 to more than $6.2 million so far in 2017.

The damage this causes to businesses and consumers totaled about $1 billion in 2016, according to FBI data, up from around $24 million in 2015.

The data are included in a new report from security firm Carbon Black, “The Ransomware Economy” that noted the 2,500% year-over-year jump in the dark web marketplace for ransomware.

The dark web is an overlay network on top of the internet that requires special software to access. The anonymity network known as Tor is a good example. In addition, the rise of various digital currencies like Bitcoin, which conduct anonymous transactions that shield ransomware attackers from easy discovery.

The ransomware software being sold on the dark web typically comes as an easy-to-use, turnkey system that sells for between $1 for cloned programs to more than $1,000 for a custom program. Some ransomware developers earn more than $100,000 a year, well above the average $69,000 paid to U.S. software developers in legitimate businesses.

In addition to the anonymity provided by Tor and Bitcoin and the wide variety of ransomware offerings for sale, Carbon Black cites a lack of fundamental security controls as the third reason that the ransomware economy is exploding.

Based on its own survey, Carbon Black found that 12% of personal computer users would be willing to pay $500 or more to get their data back after a ransomware attack while 29% would pay between $100 and $500 to get their data returned. The rest — 59% — would pay less than $100.

The catch, of course, is that no matter what amount a user pays, the data is almost never returned. And therein lies a key to putting the ransomers out of business:

By decreasing the [return on investment] for attackers, defenders can decrease the financial incentive for the crime. Additionally, we need to STOP paying ransoms. The system only works if victims choose to pay. Until people decide not to pay, this problem will only continue to grow. Additionally, as it stands right now, law enforcement cannot scale to the problem. Companies are largely on their own when it comes to stopping ransomware attacks.

Looking ahead, Carbon Black said it expects “threats to converge resulting in the underground market increasing the profit-sharing model and a consolidation and centralization of threats. This consolidation means ransomware strains may become fewer but more effective.”

The full report is available at the Carbon Black website.