
Scammers rake in $33,000 a day through ransomware

by Alastair Stevenson

09 Nov 2012


Cyber criminals are taking in up to $33,000 per day using ransomware scams, according to security vendor Symantec.

In its Ransomware: A growing Menace report, published on Thursday, Symantec revealed that advances in attack methods and a lack of awareness on the part of the scams' victims have made ransomware an increasingly profitable tactic for criminal gangs.

The report's findings were based on ongoing research into 16 of the best known independently developed ransomware variants found running over the past two years.

Symantec highlighted one particularly successful variant of the Ransomlock Trojan that it detected and monitored, which reportedly had 68,000 unique IP addresses connecting to its command and control server from September through October.

Symantec said that at the variant's peak it saw 5,700 IP addresses connect to the server in one day. The paper reported that of the 5,700 connections, the crooks persuaded 168 users to hand over money, earning them $33,000.

Worse still, the researchers said their findings were a conservative estimate, warning ransomware scams are in reality probably earning criminal gangs much more money.

"Given the number of different gangs operating ransomware scams, a conservative estimate is that over $5 million dollars a year is being extorted from victims," wrote Symantec.

"The real number is, however, likely much higher. From just a few small groups experimenting with this fraud, several organised gangs are now taking this scheme to a professional level and the number of compromised computers has increased."

Ransomware sees criminals infect their victims with a piece of malware that locks the machine down, leaving behind a blackmail message offering to unlock the machine in return for money.

The scams often involve a certain amount of social engineering, masquerading as a legitimate organisation or law enforcement body to make the user feel the fine is legal.

Over the last three months ransomware scams pretending to be the Metropolitan Police, FBI and German Police have been discovered.

Ransomware usually infects machines through drive-by downloads, contained within malicious website URLs or web advertisements, though ransomware attacks targeting users via social networks and services like Skype have also been uncovered.

Symantec stated that the majority of the attacks it detected stemmed from and targeted Russia and Eastern Europe. The findings match a previous threat report from competitor Trend Micro, which highlighted the region as a cyber crime boom area earlier in the year.
