A recent study has suggested that cyber-thieves can reap returns of almost 1,500% when they invest in ransomware (http://www.bbc.co.uk/news/technology-33048949).
David Lomax, director of sales engineering, EMEA at Barracuda Networks, said: “At Barracuda we have seen this change over the past few years. At the start hackers were using bot armies to run DoS or DDoS against high value websites (gambling and high volume e-commerce) to simply block or break the site.
For these types of websites a few hours of downtime or unavailability could be millions of dollars’ worth of revenue lost. These types of attacks have slowed as the same principles of dealing with terrorists were introduced. Simply they just won’t pay up. As with spam, if you don’t make money out of the campaign there is very little point continuing. These types of sites also had the expertise and financial resources to add multiple layers of security to mitigate the attacks.
Recently, we have seen end users being targeted with ransomware like Reveton, CryptoLocker & CryptoWall. These attacks would lock/encrypt data on users’ computers, making their files inaccessible until a fine was paid. There were often time limits added to these demands, making any other resolution seem unfeasible. These attacks have also migrated onto mobile platforms as well. This can sometimes be less of a risk as most mobile devices have comprehensive cloud backup solutions (IF they are used). These types of attacks have been very lucrative for hackers and are still very popular.
Now you see more targeted attacks on websites. These could be for religious or government purposes, for example ISIS & the Syrian Electronic Army. That’s not to say there are not attacks focusing on making money. If you can seed malware into a website the amount of information you can get is huge. Website passwords, credit card information and potentially intellectual property from file sharing sites can suddenly become very vulnerable. Recently sites like jamieoliver.com were seen to be hosting malware within their site’s code. The data held on e-commerce websites is high value. Over 90% of companies that lose file for bankruptcy within 12 months. So a ransomware app has the potential to make huge revenues if the hackers can control the data.”
Rickey Gevers, Malware Researcher at RedSocks added: “These numbers are plausible, but in my experience it’s unlikely that many cyber criminals are making this kind of cash. Our own research shows that on average these guys are probably making around 10,000 euros per month. In the malware economy of ‘click, buy and deploy’ it’s easy for cyber criminals to make a relatively comfortable living from this type of underhand activity. Organisations and individuals alike need to be on their guard.”