Based on a security report which followed a Russian ransomware operation for 6 months, ransomware teams – specifically their managers – tend to make a considerable amount of money. According to the research, the supervisors of such campaigns can make up to US $90,000 yearly.
Compared to schemes used by other cybercriminals, ransomware can be less tedious. For approximately $7,500 per month, ransomware managers are mainly responsible for the recruitment of ransomware distributors and the development of the malware.
The more capable ransomware managers, with their more than adequate coding skills, might just need a few hours per week to start and maintain such an operation; making ransomware a low-effort, high-reward gig.
The security report also confirmed that ransomware has been lucrative for cybercriminals, even those in the lower rungs of their network.
Ransomware operations have not been showing signs of slowing down; this does not bode well for corporations and civilians who are not on the guard against these types of cyber-attacks.
Capabale ransomware managers just need a few hours of work per week – making it a low-effort, high-reward gig.
A majority of security experts believe that operating a ransomware campaign is not that difficult to do. A campaign leader usually searches for willing distributors, paying them by commission for each victim who surrenders the ransom amount. A distributor, however, is usually independent of the manager in terms of looking for targets.
Distributors can purchase “botnet installs” from their fellow cybercriminals, develop these as their own; use Phishing scams or social media lures; and infect websites; among other tactics. They are said to earn in the range of $600 a month, and a manager usually goes with 10-15 of them in any given campaign.
The Russian ransomware campaign that was the focus of the aforementioned report usually gives out 40% in commissions, a somewhat generous amount for a custom made ransomware. The report did not disclose the family the ransomware belonged to, or any other details about the ransomware campaign or its perpetrators, though.
A command and control server is not utilised in this Russian brand of ransomware, making it more difficult to pinpoint and close down. This also translates to the victim not being able to pay or have their files decrypted automatically.
To arrange the payment drop and obtain the decryption key for their files, the victim will have to email the ransomware manager. Based on the report, the ransom payments are laundered well; with a starting amount of $300 and about 30 payouts a month.
The Russian manager, however, did commit an action typically frowned upon by other ransomware managers and teams. He commanded additional payments from a victim who had already paid. This is usually considered bad for business, even amongst cybercriminals.
When a victim is assured that his or her files will be released when he or she pays the ransom, he or she is more likely to pay knowing that there are no strings attached. When an attacker asks for additional ransom and doesn’t decrypt the files, victims will no longer be willing to pay. This can result into the “turnkey” ransomware industry coming to a stop.
Comprehensive multi-device protection for you and your family for up to 6 PCs, Macs, Android, and iOS devices. For more info click here.