How much money do cyber crooks collect via crypto ransomware?

“FireEye researchers have calculated that the cybercriminals wielding TeslaCrypt and AlphaCrypt have managed to extort $76,522 from 163 victims in only two months.


“This amount may seem trivial compared to millions made annually on other cyber crimes, or the estimated $3 million the perpetrators of CryptoLocker were able to make during nine months in 2013-14. However, even this modest haul demonstrates ransomwares ability to generate profits and its devastating impact on victims,” they noted.

The researchers were able to calculate the sum because most victims preferred to pay the lesser ransom amount (from $150 to $500) in Bitcoin instead of paying $1,000 in PayPal My Cash cards.

Between February and April 2015, the researchers registered 1,231 known victims, 13 percent of which decided to pay the ransom.

“Of the victims who paid the ransom, 139 paid a range of 0.5 to 2.5 bitcoin. Another 20 paid with PayPal My Cash cards, and all but one of those individuals paid the full $1,000 US dollars,” they shared.

“Three of the victims pleaded with the cybercrime group, who then provided the decryption keys for free, and one appears to have tricked them by claiming a bitcoin payment that does not appear to have actually taken place. Some of the victims attempt to bargain with the cybercriminals to reduce the ransom. Sometimes they are successful; sometimes they are not.”

The researchers discovered all this by analyzing the messages exchanged by the victims and the crooks via the messaging system the latter set up and referenced in the instructions for executing the ransom payment.

The messages also show that the criminals do not choose who to target: victims are individuals, businesses, non-profit organizations, and charities located all over the globe.

The researchers say that ransomware is here to stay for the next few years at least, and users would do well to make regular backups of their important files. Keeping these backups disconnected from the computer they use and even from their network is also a good idea.

By the way, there is some good news for TeslaCrypt victims: Cisco researchers have recently made available a tool that might help them decrypt their files without paying the ransom.”