People targeted by hackers have shelled out a combined $25 million in ransoms over the last two years. Researchers arrived at the mind-boggling total by tracing the Bitcoin transactions that victims paid to the hackers through the blockchain, then matching those payments against addresses associated with known ransomware samples to build a comprehensive overview of the ransomware landscape. The researchers, drawn from Google, Chainalysis, UC San Diego, and NYU Tandon School of Engineering, tracked 34 separate ransomware families. They found that just a few strains of malicious software were responsible for most of the attacks and most of the profits flowing to the hackers.
Locky, one of those strains, was identified as the 'patient zero' of a recent epidemic that has earned its operators more than $7 million in payments since early last year. Speaking to The Verge, NYU Professor Damon McCoy, who was part of the project, said that one of Locky's big advantages was the decoupling of the people responsible for maintaining the malware from the ones tasked with infecting victims' machines. He said that the Locky group focused only on building the malware and its support infrastructure. Once the malware was built, they handed distribution to other botnets, which were far more efficient at that end of the operation, to spread it.
Other strains also brought in large sums: approximately $6.9 million and $1.9 million were paid after Cerber and another family spread, though how much of that money finally made its way back to the criminals is not yet known. The research also found that the hackers are becoming more innovative in their attacks, in particular in finding new ways to skirt antivirus software. The more sophisticated malware now regenerates its binary automatically, so each new release looks like a different file. Security products that scan for known, identical binaries cannot spot the disguise.
Earlier this month, Android users were warned that a new type of ransomware was in the wild and that all phones are susceptible to it. Dubbed LeakerLocker, it threatens to leak the user's data to anyone on their contact list. The malicious software was being spread through fake apps on the Google Play Store. GhostCtrl is another strain causing concern. It can disguise itself as WhatsApp and secretly record the user, storing recordings of private calls and videos. It can also lock the device's screen and reset the password, making it well suited to ransoming users whose devices have been infected.