Thursday, 02 June 2016 22:03

How much does a Russian ransomware boss earn?


How much does a Russian ransomware boss earn? Less than you might think, even when targeting the health industry.

In a couple of reports released today by Flashpoint we learn of the current activities of many Russian-based ransomware purveyors.

Flashpoint, the "global leader in Deep & Dark Web data and intelligence", has spent the past five months studying an organised Russian ransomware campaign. In the scenario being investigated, Flashpoint found the proliferation of "Ransomware as a Service", which enables affiliates to obtain ransomware from a crime boss and push it out to victims as they see fit.

A particularly common target has been the healthcare industry – an area that tends to be low on funds for technology and even lower on broad technical skills.

However, the report authors noted a certain level of frustration amongst the Russian hacking community, with comments such as, "From the bottom of my heart I sincerely wish that the mothers of all ransomware distributors end up in the hospital, and that the computer responsible for the resuscitation machine gets infected with it [the malware]."

Another Russian cybercrime forum member commented: "Dirt bags, the move is completely unethical. Do not touch hospitals!"

According to the research into one particular ransomware boss who had been active since at least 2012, there were between 10 and 15 affiliate partners who were actually performing the infections, although the contact with infected sites was handled by the boss alone.

Once payment was received in Bitcoin, the boss would make use of a variety of Bitcoin exchangers to launder the money; additionally, he would pay the affiliate from a separate "clean" wallet.

How was affiliate recruitment handled? The boss would simply post (relatively) openly in Deep Web Russian-language forums. One particular message, captured by Flashpoint, went like this:

Good day,

This offer is for those who want to earn a lot of money via, shall we say, not a very righteous path. No fees or advance payments from you are required, only a large and pure desire to make money in your free time.

I propose mutually beneficial cooperation in the sphere of distribution of my software.

It is desirable, of course, that you have already had some minimal experience in this business.

But if you have no experience, it is not a problem. In addition to the file, you will receive detailed instructions on how and what to do - even a schoolboy could do it; you need only time and desire. The scheme is simple, and tested and working 100%, revenue yields are decent.

Thus, you are not risking anything in particular (money being the most important), and are getting valuable experience, and if you succeed – a good cash reward. At the same time, you do not need to bother looking for work ideas, encryption software, nor for receipts and processing of payments. Details - for all correspondence, write in this topic or personal message or Jabber.

So, what kind of money was this particular boss earning? Not so much as one might expect.

The report suggests that from an average of 30 payments per month (spread across 10-15 affiliates) and a typical US$300 payment, he was earning US$7500 per month, which is around 13 times the typical Russian monthly wage. The affiliates were earning $600 – the average wage!

According to Vitali Kremez, cybercrime intelligence analyst, of Flashpoint, "Ransomware is clearly paying for Russian cybercriminals. As Ransomware as a Service campaigns become more wide-spread and accessible to even low-level cybercriminals, such attacks may result in difficult situations for individuals and corporations not yet ready to deal with these new waves of attacks."

Most of this ransomware avoids any form of command-and-control infrastructure, instead including payment and decryption instructions in a text file included with the infection. Thus payments outside of the typical $250-$500 range noted earlier must have been premeditated – there have been many reports of hospitals being asked for tens of thousands of dollars or more.

Is there no honour amongst thieves?




David Heath

David Heath has had a long and varied career in the IT industry having worked as a Pre-sales Network Engineer (remember Novell NetWare?), General Manager of IT&T for the TV Shopping Network, as a Technical manager in the Biometrics industry, and as a Technical Trainer and Instructional Designer in the industrial control sector. In all aspects, security has been a driving focus. Throughout his career, David has sought to inform and educate people and has done that through his writings and in more formal educational environments.


