Ransomware is a rapidly growing industry that makes at least $5 million annually, Symantec said Thursday.
“If you look at the nature of the beast, it really puts the screws to you,” said Kevin Haley, director of Symantec’s security response team, in an interview yesterday. “We see so many gangs moving to ransomware, looking for new angles, new versions [of the malware], that we’re going to see a lot of this in the future.”
The criminal scheme has been in play for at least a half-dozen years but, until relatively recently, was rare, ineffective and focused on Eastern European victims.
The gangs have also expanded their territory. “It began in 2011, when they started to move out of Eastern Europe, to Germany and the U.K., then began to move westward to the U.S.,” said Haley. From the first to the third quarters of 2012, for instance, Symantec tracked a significant uptick in ransomware infections in the U.S.
Symantec was able to estimate what criminals earn from ransomware after uncovering a command-and-control (C&C) server used by one family of the malware. The ransom note demanded $200 from each victim, putting $33,600 in the criminals’ pockets. Extrapolating the 68,000 infections over the course of a month put the total at nearly $400,000.
Symantec's report on ransomware can be found on its website (PDF).