Over the past two years, 35 unique ransomware strains earned cybercriminals $25 million, with Locky and its many variants being the most profitable.
The data comes from a study debuted at Black Hat by Google, Chainalysis, UC San Diego, and the NYU Tandom School of Engineering. The study is unique in that it based calculations on bitcoin payments and blockchains. The result allowed researchers to create a precise picture of the ransomware ecosystem and who the top earners were, starting with Locky at $7.8 million in payments from victims, followed by Cerber and CryptXXX that earned $6.9 million and $1.9 million.
“Ransomware is here to stay and we will have to deal with for a long time to come,” said Kylie McRoberts, a senior strategist with Google’s Safe Browsing team.
The results show that the last two high-profile ransomware attacks, WannaCry and NotPetya, were flops when it came earning money. “Petya, NotPetya and other variants never earned money, because it was more wiper malware – not true ransomware,” McRoberts said. She called the wiper malware trend “the rise of the ransomware impostors.”