Ransomware is Most Profitable for Malware Makers, FTC States

Ransomware may not be the most widespread type of malware in terms of sheer volume and number of infections, but it definitely is the most profitable type. Recent statements from the Federal Trade Commission seem to confirm this.

Ransomware is the subdivision of malware that, once it infects a machine, demands ransom payment from the user, most often in the form of a Bitcoin transaction. The expanding popularity of ransomware has led to ever more involved schemes using this type of malware, including increasingly more complex infection vectors and the introduction of a black market for ransomware products.

The FTC workshop held in early September 2016 singled out ransomware as the single most profitable type of malware. According to infosec expert speakers at the event, the average ransom demand presented by this niche of malware is around $570 per infected machine. With such staggering figures, ransomware can accumulate a lot of money with a relatively small number of victims. To make things worse, the ransom demand escalates over time, if the victim hesitates or attempts to work out a fix.

According to researchers, a significant amount of the funds collected from the ransom payments is being reinvested by bad actors into further development and improvement efforts for the ransomware in question. There are concerns that in the future ransomware might also take on new forms and use new venues for an attack, due to the increasing penetration of internet-enabled devices in all areas of life.

The rise in popularity of anonymous payment methods, Bitcoin in particular, also made it considerably easier for cybercriminals to collect their ransom. As a result, one of the reasons why a couple of decades ago ransomware was not the huge threat it is today – the bad actors behind it simply did not have access to such anonymous, convenient venues for collecting their victims' money.

The methods currently used to spread malware are also increasing in number and complexity, as highlighted by the workshop. While ransomware previously depended heavily on spam email campaigns, now it has evolved to use phishing emails and more recently even malware-laced banners. The fact that ransomware is being sold through black market portals and forums on the dark web means that an increasing number of bad actors can gain access to harmful tools easily, at least far easier than it used to be a decade ago.

Ms. Edith Ramirez, chairwoman of the FTC, pointed out that companies should act with urgency when exploits and loopholes are discovered in their products, patching any vulnerability as soon as possible. Failure to do that might violate the Federal Trade Commission Act.