How cybercrooks made $330K from ransomware without really trying

Ker-ching!

By John Leyden

The small cybercrime ring behind the CryptoWall 3.0 ransomware was able to collect more than $330,607 in ransom from 670 victims, according to new research.

The figures, published by security firm Imperva, are based on an analysis [PDF] of Bitcoin wallets linked to malware-wielding extortists.

Security researchers discovered that cybercrooks demand different amounts based on the geographical location of their victims.

The ransom amount in the US is $700, a figure that gets reduced to $500 for victims in Israel, Russia, and Mexico. Imperva was able to identify around 1,217 BTC ($337,607) being paid out in ransom in a short period.

A deeper follow-up study would likely identify many more wallets. Imperva concedes it is focusing on one small group that's involved in a much bigger scam.

CryptoWall 3.0 operates by encrypting data on compromised machines before demanding a payment (payable in Bitcoins) for the private key that may be necessary to unscramble files and recover their contents.

The FBI received nearly 1,000 complaints between April 2014 and June 2015 from CryptoWall victims reporting combined losses of over $18 million. The true losses are likely to be a lot higher than this. Industry group the Cyber Threat Alliance (CTA) estimated in October that CryptoWall in its various guises is to blame for $325 million in losses.

The estimate – which seems high – comes from combined threat research and intelligence from the founding and contributing members of the CTA (Symantec, Palo Alto Networks, Fortinet and Intel Security). ®
