Carbon Black & VMware Announce Expanded Partnership to Secure the Software-Defined Data Center (SDDC) Learn more

Excerpts from The Ransomware Economy: Analysis

cb-ransomware-03
Rick McElroy
sean_blanton
October 19, 2017 / Rick McElroy Sean Blanton

Carbon Black recently published an investigative report on the Dark Web marketplace for ransomware. This is an excerpt from that report, which you can find here. For more information about the rise of ransomware, and what you can do about it, check out the Future-Proof Your Ransomware Prevention webcast hosted by Scott Hanson, Senior Managing Consultant, Cyber Security and Investigations at Kroll.

Analysis

During August and September 2017, Carbon Black researchers monitored 21 of the largest dark web marketplaces for new, virtual offerings related to ransomware. The description of the offering and the sales price were recorded.

To represent the complete dark web economy, the sample of findings from 21 of the largest marketplaces was extrapolated to a population-wide value based on an assumption that approximately 25% of the total dark web website population is composed of similar marketplaces. (NOTE: All prices and values are reported in USD. In instances where prices were offered in Bitcoin, conversion to USD was made for the day the offer was identified.)

Based on our research, ransomware has become its own economy based on a turnkey system. As of this writing, there are currently more than 6,300 estimated dark web marketplaces selling ransomware, with more than 45,000 current listings.

The offerings on these marketplaces are vast, ranging from lockscreen ransomware targeting Android devices (for $1.00) to custom ransomware including source code ( for $1,000+.) The chart below reflects a sampling of listings and USD prices for underground ransomware offerings during a portion of September 2017.

RANSOMWARE PRICE (USD)
Custom Stealer Ransomware BTC  $199
Code Source Bitcoin Thief & Ransomware BTC  $99
Intelligent Bitcoin Theif Copy/Paste Source Code/Ransomware Modified 2017 More Agressive  $50
Android Locker Ransomware  $250
Ransomware – Custom Made  $1470
Ransomware Pigsaw Source Code Modified 2017  $30
Personal Custom Stealer & Ransomware BTC  $75
Source Code Bitcoin Thief & Ransomware BTC HQ  $50
Intelligent Bitcoin Theif Copy/Paste Source Code/Ransomware Modified 2017 More Agressive  $25
?Code Source Bitcoin Thief & Ransomware BTC???  $99
6 Bitcoin Ransomware Easy Money System  $5
Philadelphia Ransomware and Other Make Top $$$(Clone) $1
Custom Stealer & Ransomware $50

 

In aggregating all of the data from August and September, we found the median cost of a ransomware offering to be $10.50

______________________________________________

 

For more information about the rise of ransomware, and what you can do about it, check out the Future-Proof Your Ransomware Prevention webcast hosted by Scott Hanson, Senior Managing Consultant, Cyber Security and Investigations at Kroll.

Watch Now

______________________________________________

 

We found six listings with prices greater than $1,000. These listings are either custom-developed, unique code or have been seldom-deployed in the wild.

See below for ransomware offerings by price in USD.

For ransomware authors, successful creation and selling of ransomware offerings appears to be fruitful. Based on our research, some ransomware sellers are making more than $100,000 per year simply retailing ransomware. In some instances, this is double the salary for legitimate software developers, who pull in an average of $69,000 a year, according to PayScale.com. (In Eastern Europe developer salaries are a bit lower, hovering around $45,000.)

Ransomware developer salary vs legal software development by country is shown below2

 

______________________________________________

 

For more information about the rise of ransomware, and what you can do about it, check out the Future-Proof Your Ransomware Prevention webcast hosted by Scott Hanson, Senior Managing Consultant, Cyber Security and Investigations at Kroll.

Watch Now

______________________________________________

 

With the ability for ransomware authors to make more than $100,000 per year (and probably tax free), it comes as very little surprise that dark web underground economies are flourishing. Through a historical analysis of dark web database dumps, we were able to determine that the underground economy for ransomware has grown 2,502% in 2017 when compared to 2016.

Shown below is a comparison of ransomware sales on the dark web in 2016 vs. 2017.

Additional Resources

 

For more information about the rise of ransomware, and what you can do about it, check out the Future-Proof Your Ransomware Prevention webcast hosted by Scott Hanson, Senior Managing Consultant, Cyber Security and Investigations at Kroll.

Watch Now

TAGS: Carbon Black / ransomware / Threat Analysis Unit / threat research

Related Posts