Latest trends in the ransomware business

“Cybercrooks wielding ransomware might prefer getting paid in Bitcoin, but the crypto currency is just a way to obfuscate the real destination of the payment – as soon as they can, they turn the Bitcoin into “real” money, IBM senior fraud prevention strategist Etay Maor shared in his presentation at RSA Conference 2015.

The unpopularity of Bitcoin when it comes to keeping their money where they can see it and use it is due to the currency’s ever oscillating worth and, in the last year or so, its continuing descent.

Laundering the ransom money is no problem for the crooks, as they either employ established services or find money mules themselves. The mules are recruited across the globe: in Asia and Australasia they are mostly overseas students, while in Europe they are usually retirees, Maor told The Register.

Ransomware remains a great source of income for cyber crooks, as many, many users ultimately pay the ransom in order to get their files back. Also, the criminals are finding it easier to get the money directly from the victims, instead of first stealing their information, and then attempting to impersonate them in order to get to their money.

Lately, ransomware peddlers have also taken to targeting website administrators with the malware. As the loss of files and databases in these cases could result in considerable loss of revenue, the victims are more than likely to opt for paying the ransom.

Aside from using exploit kits to deliver the malware, they have also started renting botnets to do the job.

A recent report by Symantec has shown out that ransomware slingers have also been expanding their horizons.


“Ransomware was a phenomenon that first emerged in Europe and then spread throughout the world. Primarily, the focus had been on affluent and English-speaking regions of the world, but increasingly we have seen cybercriminals turn their attention to countries in the Far East,” says Symantec’s Joji Hamada.

In order for this attacks to be successful, the crooks have localized the ransomware, and it now shows ransom notes in Japanese and Korean.

“The emergence of ransomware attacks specifically targeting Far Eastern countries is significant as it shows that attackers are waking up to the vast potential of these markets and the increasing wealth of this region. Language may have been a barrier to entry in the past but this is no longer the case,” says Hamada, but points out that the ransom notes appear to have been written by a non-native speaker or by using automated online translation services.

Don't miss