A recent study published by anti-malware service Carbon Black has revealed that the sale of ransomware software on the dark web has risen a staggering 2,502% from 2016 to 2017.
The huge number further confirms the general rise of malware and ransomware and points to a further increase of attacks in the future.
At the time of Carbon Black’s report, they found over 6,300 dark web marketplaces selling ransomware with 45,000 product listings. The median price for a DIY kit is US$10.50, with some as low as $0.50 and as high as $3,000.
The growth of ransomware sales from US$249,287 in 2016 to US$6,237,248 in 2017 just highlights the exploding market and the bad guys are taking advantage of it. Some sellers of ransomware are making upwards of 100k a year simply selling on their software. The graph below from Carbon Black shows how this compares to legitimate software developers.
The emergence of Bitcoin has helped fuel the success of the dark web ransomware economy by providing a convenient way to pay ransom, and the anonymity of the Tor network means sellers are almost untraceable. Traditionally bank transfers and credit cards leave a trial and aid law enforcement in the quick take down of scams, because Bitcoin doesn’t need a bank account, it’s almost impossible to identify the recipient.
The majority of ransomware are spread via email so make sure you know the red flags to look out for. You should ensure your staff are trained and know how to spot a phishing email. Consider conducting phishing tests on your staff and holding regular training.
Remember to always stay vigilant about what links you click and what information you provide. It’s also important to have a working Disaster Recovery Plan in place in case everything goes belly up.