There are currently more than 6,300 estimated dark web marketplaces selling ransomware, with more than 45,000 current product listings, according to a report released by Carbon Black.
“The Ransomware Economy: How and Why the Dark Web Marketplace for Ransomware Is Growing at a Rate of More Than 2,500% Per Year” report also revealed that the prices for do-it-yourself (DIY) ransomware ranges from $0.50 to $3,000. The median price is $10.50.
When comparing 2016 vs. 2017 YTD, ransomware sales on the dark web have grown from $249,287.05 to $6,237,248.90, a growth rate of 2,502%. According to the FBI, ransomware extorted about $1B in 2016.
Some ransomware sellers are making more than $100,000 per year simply retailing ransomware.
The most notable innovations contributing to the proliferation and success of the dark web ransomware economy have been the emergence of Bitcoin for ransom payment, and the anonymity network, The Onion Router, better known as TOR, to mask illicit activities.
Ransomware sellers are increasingly specializing in one specific area of the supply chain, further contributing to ransomware’s boom and economy development.
“Based on our research, ransomware can no longer be perceived as petty criminals performing stick ups and kidnappings,” said Rick McElroy, Carbon Black’s security strategist. “Instead, ransomware has become a rapidly growing, cloud-based black market economy focused on destruction and profit. Today, legitimate enterprises avoid heavy investments in infrastructure--and hackers are no different. In fact, with Ransomware, hackers have set a model for a cloud-based, high profit and effective turnkey service economy.”
The report outlines the various components of the ransomware supply chain, offers projections for the evolution of ransomware, and provides several tips on how businesses and consumers can protect themselves from ransomware attacks.
“With the ability for ransomware authors to make more than $100,000 per year, it comes as very little surprise that dark web underground economies are flourishing,” said McElroy.
“The sad reality is that many businesses are on their own when it comes to staying protected. A lack of fundamental security controls such as backups, testing, restoration, patching, visibility, and out of date prevention strategies means business can expect the problem to get worse before it gets any better.”