Ransomware Attacks: Victims Have Paid More Than $25 Million Since 2014

Ransomware attacks have grown increasingly more common in recent years and their impact shows in the wallets of victims. Those who have fallen prey to ransomware have paid more than $25 million in ransoms since 2014, a study found.

The data comes from researchers at Google; blockchain analysis firm Chainalysis; University of California, San Diego; and the NYU Tandon School of Engineering, who worked to follow cryptocurrency payments to find out just how much attackers have generated by holding files hostage.

Read: Largest Ransomware Paid: South Korean Web Host Pays More Than $1M After Attack

The study looked at 34 separate families of ransomware to track down payments made by victims of the attacks. The researchers found most of the payments came from just a few strains of ransomware.

Locky ransomware, first discovered in 2016, was responsible for $7 million in payments on its own. The way Locky operates was unique at the time, as the people who create the malware are not necessarily the people who are infecting machines. The creators of Locky sold the malicious software to bad actors who can then carry out their own attacks with the ransomware.

That method for malware makers—profiting off the malware itself rather than profiting off attacks—has caught on, and malware and ransomware have become relatively easy to purchase even for the less technically inclined.

The model Locky created has become popular with other ransomware strains as well. Cerber and CryptXXX have both implemented the same scheme. While it’s not known how much the ransomware creators generated off selling the software, victims of Cerber have paid out $6.9 million and victims of CryptXXX have paid $1.9 million, according to the study.

Read: Cyberattacks: Phishing, Ransomware Attacks Rose In 2016, Symantec Reports

Most ransomware works because it creates a sense of urgency for the victim. The attacks hold files hostage, encrypting them on the infected machine and refusing to release them—in some cases even threatening to delete them—if a ransom is not paid within a certain timeframe.

While most cyber security experts and law enforcement recommend victims of ransomware not pay the fee—doing so often encourages secondary attacks in an attempt to extort more money—some inevitably will either out of fear or because they have no alternative to regain access to their files. Keeping regular backups is the best way to avoid such a situation.

Ransomware hasn’t just grown more prominent in recent years—it’s also become more demanding. According to a study published earlier this year by Symantec, ransom demands spiked by 266 percent in 2016, with the attackers demanding an average of $1,077 per victim—up from $294 in 2015.

In May, a massive ransomware attack known as WannaCry hit over one million machines in 150 countries around the world. The attack temporarily disabled operations of everything from major corporations to hospitals and even stop lights.

Additionally, this year has also produced the largest ransomware payment yet. South Korean web hosting company Nayana paid more than $1 million to restore its operations after its servers were hit by a massive ransomware attack.