Appeal of ransomware sees sales rise from $250,000 in 2016 to over $6m in 2017 – and some ransomware sellers are now pocketing a salary of over $100,000 a year.
Analysis by Carbon Black researchers has calculated that some ransomware vendors are making more than $100,000 a year, simply by selling ransomware – and unlike legitiamate software developers it’s highly unlikely ransomware vendors will be paying tax on their earnings.
“They are pulling in these salaries by selling one of several components of the ransomware supply chain or by selling complete, do-it-yourself, ransomware kits,” Rick McElroy, Security Strategist at Carbon Black told ZDNet.
“The overall ransomware economy is expanding into goods and service, much like the regular markets we participate in during our daily lives”.
While small-time scammers do want a piece of the ransomware pie, much of the marketplace is controlled by specialised, organised gangs.
Because of this specialisation, The Ransomware Economyreport warns, ransomware attacks are more likely to succeed – especially if threat actors take the time to customise attacks for specific targets, or even distribute kits which enable even those with no skill to do so. That means the power to attack is in the hands of anyone looking to make illicit profits.
“We don’t expect the ransomware market to slow down until businesses and consumers take the threat seriously. As long as there’s money to be made, cybercriminals will keep attacking,” says McElroy.
While some cyber criminals are going all-in on ransomware, a recent report says senior figures in the ransomware fraternity believe that the number of amateurs getting involved and carrying out poorly implemented campaigns is going to lead to the downfall of the malware as a money-making tool.