October 12, 2017
A report released today by US cyber-security firm Carbon Black highlights a 2,502% growth in the ransomware Dark Web economy, compared to the previous year.
The report reinforces predictions made by most cyber-security experts last year, when they said ransomware would play an even more central role on the infosec scene and in the cybercriminal economy.
Experts identified over 45,000 ransomware for-sale listings
To compile data for their report, Carbon Black researchers trawled the Dark Web for websites and forum posts selling ransomware or ransomware-related services.
Experts say they've identified over 6,300 places where crooks had advertised their services, and over 45,000 ads.
Prices varied wildly, from $0.50 to $3,000, but this was because malware authors chose different pricing models, with some charging per sample and others charging monthly or yearly rental fees.
"Comparing 2016 vs. 2017 YTD, the ransomware marketplace on the dark web has grown from $249,287.05 to $6,237,248.90, a growth rate of 2,502%," Carbon Black experts write in their report. "This economy extorts, according to the FBI, ransom payments that totaled about $1B in 2016, up from $24M in 2015."
RaaS portals drove ransomware growth in 2017
As we've noted in the past, the rise of Ransomware-as-a-Service (RaaS) portals starting in early 2017 has spurred the growth that Carbon Black has reported.
But according to Carbon Black, the ransomware Dark Web economy is much more varied. For example, there are RaaS portals that provide all-in-one services, portals that provide limited services, and individual sellers that provide just the ransomware.
All-in-one RaaS portals offer the ransomware strain itself, integration with distribution channels (exploit kits, spam botnets, etc.), a payment portal to manage Bitcoin ransoms, a decryptor to unlock files, and technical support for buyers. All of this is provided from a simple web-based backend panel.
Limited-service RaaS portals provide the ransomware strain and only a few of the services above, usually at lower prices.
On top of this, we have lone sellers — malware authors that only sell the ransomware strain and let buyers handle the rest as best they can.
Ransomware authors making around $100,000/year
There's a market for everyone, and according to Carbon Black, some ransomware authors make over $100,000 per year, which is way above the average salary for a legitimate software developer ($69,000).
Of course, the report does not include data from ransomware authors selling their products on the clear and deep web, or other services like XMPP spam.