Ransomware criminals earning $1m a year - report

A 30-day campaign would generate $90,000 in revenue and cost only $5,900, Trustwave estimates

Cybercriminals can expect to bank $84,100 (£54,400) in profit from a typical month-long ransomware campaign, according to Trustwave, equivalent to an annual pay packet of just over $1m.

In its latest annual threat report, the security vendor estimated that a large-scale, 30-day ransomware campaign would generate proceeds of $90,000, with an investment of only $5,900 required.

With an estimated return on investment of 1,425 per cent, the spoils of an opportunistic attack can be greater than those from the targeted attacks that have dominated headlines in recent years, Trustwave said.

It said all of its calculations were based on tools and services actually offered for sale in underground markets and used in real attacks in 2014.

A budding cybercriminal need pay just $3,000 for the ransomware variant CTB-Locker and $500 to rent RIG, an exploit kit advertised with an infection rate of 10 to 15 per cent of the users it is served to, Trustwave found.

Purchasing access to compromised websites that will deliver 20,000 visitors a day to the exploit kit costs a further $1,800. Finally, a crypting service to keep the payload undetected by anti-virus costs $600. Those four items together make up the $5,900 outlay.

On the assumption that 0.5 per cent of infected victims pay a $300 ransom, proceeds come in at $90,000: at the lower 10 per cent infection rate, 20,000 visitors a day for 30 days yields 60,000 infections, and 0.5 per cent of those paying $300 is 300 payments, or $90,000 - all without the perpetrators having to write a single line of code. See p67 of the report for a more detailed breakdown.
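The funnel behind those figures (visitors, infections, payers, revenue, return on investment) is easier to reason about as a small model, which also shows how thin the margin of error is for defenders. The following is an added example written for this article, not code from Trustwave or its report; the defaults are the dollar figures and rates quoted above, while the class, function and parameter names are this example's own.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Campaign:
    """Inputs for one 30-day opportunistic ransomware campaign.

    Defaults are the Trustwave figures quoted in the article; the field
    names are assumptions made for this example.
    """
    # Outlay in USD per campaign (the four line items in the article)
    ransomware_licence: int = 3000   # CTB-Locker
    exploit_kit_rental: int = 500    # RIG exploit kit
    traffic_purchase: int = 1800     # compromised sites delivering 20,000 visitors/day
    av_evasion: int = 600            # crypting so anti-virus does not flag the payload
    # Conversion assumptions
    visitors_per_day: int = 20_000
    days: int = 30
    infection_rate: float = 0.10     # lower bound of RIG's advertised 10-15 per cent
    pay_rate: float = 0.005          # 0.5 per cent of infected victims pay
    ransom: int = 300                # USD demanded per victim

    @property
    def costs(self) -> int:
        return (self.ransomware_licence + self.exploit_kit_rental
                + self.traffic_purchase + self.av_evasion)


def model(c: Campaign) -> dict:
    """Walk the funnel: visitors -> infections -> payers -> revenue -> ROI."""
    infections = round(c.visitors_per_day * c.days * c.infection_rate)
    payers = round(infections * c.pay_rate)
    revenue = payers * c.ransom
    profit = revenue - c.costs
    return {
        "infections": infections,
        "payers": payers,
        "revenue": revenue,
        "costs": c.costs,
        "profit": profit,
        "roi_pct": 100 * profit / c.costs,
        "annual_profit": 12 * profit,   # the article's "just over $1m" figure
    }


def break_even_pay_rate(c: Campaign) -> float:
    """Fraction of infected victims who must pay for the campaign to cover its outlay."""
    infections = c.visitors_per_day * c.days * c.infection_rate
    return c.costs / (infections * c.ransom)


def sensitivity(base: Campaign, infection_rates=(0.10, 0.125, 0.15)) -> list[dict]:
    """Re-run the model across the infection-rate range RIG is advertised with."""
    return [model(replace(base, infection_rate=r)) for r in infection_rates]


if __name__ == "__main__":
    base = Campaign()
    for key, value in model(base).items():
        label = f"{key:>14}"
        print(f"{label}: {value:,.1f}" if isinstance(value, float) else f"{label}: {value:,}")
    print(f"break-even pay rate: {break_even_pay_rate(base):.4%}")
    for row in sensitivity(base):
        print(f"infections={row['infections']:,}  profit=${row['profit']:,}")
```

Two things the model makes visible that the headline numbers do not: the campaign breaks even once about 0.03 per cent of infected victims pay, so the quoted 0.5 per cent is roughly fifteen times the minimum the attacker needs, and moving from the bottom to the top of the exploit kit's advertised infection range raises monthly profit from $84,100 to $129,100 with no change in outlay.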

"To succeed in a targeted attack takes far more expertise and effort than an opportunistic attack that distributes malware to many thousands of users," Trustwave said.

"In fact, the burgeoning underground market for related tools, services and support allows cybercriminals to carry out these opportunistic attacks and generate significant revenue without developing even a single line of code themselves."

Commenting on the report, George Quigley, a partner at KPMG's security practice, said the threat posed by ransomware is growing because of two factors.

"The first is that the expertise can be bought; you don't need to be an expert to do this," he said. "The second is that the economics make it more than viable."