According to GlobalSpec reports, cybercriminals have made more than $16 million over the past two years by distributing ransomware to target devices. Compared with victims in other countries and regions, Koreans appear more willing to pay the ransom to restore their documents: more than 2.5 million of that total was paid from South Korea.
Ransomware is a type of Trojan horse that has been very popular in the past two years. After infecting a victim’s device, it encrypts the local files on the device (such as documents, mail, databases, source code, pictures, compressed files, etc.) and leaves the victim unable to start or use their own device, which it uses as leverage to extort money from the victim.
In a paper scheduled to be published at the IEEE Security & Privacy Symposium in San Francisco in May this year, a research team detailed the ransomware payment ecosystem from the initial attack to the final cash-out. The findings mentioned above are presented in this paper.
The team consists of researchers from New York University’s Tandon Polytechnic Institute, the University of California, San Diego, Princeton University, Google, and Chainalysis, a blockchain analysis company.
The research team also found that most ransomware operators convert the Bitcoin paid as ransom into fiat currency through the Bitcoin exchange BTC-E.
The team estimates that at least 20,000 people have chosen to pay ransom to ransomware operators in the past two years in order to restore their documents. The total amount of ransoms that have been confirmed exceeds $16 million, but the total amount of ransom actually paid may be much higher than this figure.
The research team stated that they used the public nature of Bitcoin’s blockchain technology to track ransom transactions over the past two years. Bitcoin is the most common currency in ransom payments for ransomware, and since most victims did not originally own bitcoin, the original Bitcoin purchase became an entry point for tracking ransom payments.
Each victim of ransomware usually receives a unique payment address, which is the Bitcoin wallet address used by the ransomware operator to receive the ransom.
The research team stated that they used public reports of ransomware attacks to determine these addresses and associate them with blockchain transactions.
Damon McCoy, the research group's principal researcher and an assistant professor at NYU Tandon School of Engineering, said: “Ransomware operators ultimately direct bitcoin to a central account that they cash out periodically, and by injecting a little bit of our own money into the larger flow we could identify those central accounts, see the other payments flowing in, and begin to understand the number of victims and the amount of money being collected.”
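The tracing approach described above can be sketched as follows. This is an added example, not code from the paper or the research team: it starts from known payment addresses (one from a public report, one funded by the investigators' own micropayment), finds the central account they forward to, then enumerates the other payment addresses feeding it. It assumes a simplified one-sender, one-receiver ledger rather than Bitcoin's real input/output format, and every address and amount is constructed.

```python
from collections import Counter

# Constructed ledger: (txid, sender, receiver, amount in BTC). All values are made up.
LEDGER = [
    ("t1", "victim_A_wallet", "pay_addr_1", 0.5),
    ("t2", "victim_B_wallet", "pay_addr_2", 0.5),
    ("t3", "victim_C_wallet", "pay_addr_3", 1.0),
    ("t4", "researcher_wallet", "pay_addr_4", 0.001),  # investigators' micropayment
    ("t5", "pay_addr_1", "central_X", 0.5),
    ("t6", "pay_addr_2", "central_X", 0.5),
    ("t7", "pay_addr_3", "central_X", 1.0),
    ("t8", "pay_addr_4", "central_X", 0.001),
    ("t9", "central_X", "exchange_deposit", 2.0),      # periodic cash-out
    ("t10", "unrelated_1", "unrelated_2", 3.0),        # noise
]


def find_central(ledger, seed_payment_addrs):
    """Return the address that the most distinct seed payment addresses forward to."""
    pairs = {(src, dst) for _t, src, dst, _a in ledger if src in seed_payment_addrs}
    hits = Counter(dst for _src, dst in pairs)
    return hits.most_common(1)[0][0] if hits else None


def summarize(ledger, central, own_payment_addrs):
    """Count victim payment addresses feeding `central` and the BTC paid into them."""
    feeders = {src for _t, src, dst, _a in ledger if dst == central}
    victims = feeders - set(own_payment_addrs)  # exclude the investigators' own payment
    total = sum(amt for _t, _src, dst, amt in ledger if dst in victims)
    return len(victims), round(total, 8)


if __name__ == "__main__":
    # Seeds: one address from a public report, one created by our own micropayment.
    seeds = {"pay_addr_1", "pay_addr_4"}
    central = find_central(LEDGER, seeds)
    count, btc = summarize(LEDGER, central, {"pay_addr_4"})
    print(f"central account: {central}, victims: {count}, ransom total: {btc} BTC")
```

Because each victim usually gets a unique payment address, the number of distinct addresses feeding the central account serves as the victim estimate here.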