Carbon Black, the leader in next-generation endpoint security, today announced the release of: “The Ransomware Economy: How and Why the Dark Web Marketplace for Ransomware Is Growing at a Rate of More Than 2,500% Per Year.”
Carbon Black released the report at the company’s largest event of the year, Cb Connect, a conference in San Francisco bringing together hundreds of security professionals from around the world to discuss the latest trends and threats in cybersecurity.
Conducted by the network of the Carbon Black Threat Analysis Unit (TAU), the research found:
- There are currently more than 6,300 estimated dark web marketplaces selling ransomware, with more than 45,000 current product listings.
- The prices for do-it-yourself (DIY) ransomware ranges from $0.50 to $3,000. The median price is $10.50.
- When comparing 2016 vs. 2017 YTD, ransomware sales on the dark web have grown from $249,287.05 to $6,237,248.90, a growth rate of 2,502%. According to the FBI, ransomware extorted about $1B in 2016.
- Some ransomware sellers are making more than $100,000 per year simply retailing ransomware.
- The most notable innovations contributing to the proliferation and success of the dark web ransomware economy have been the emergence of Bitcoin for ransom payment, and the anonymity network, The Onion Router, better known as TOR, to mask illicit activities.
- Ransomware sellers are increasingly specialising in one specific area of the supply chain, further contributing to ransomware’s boom and economy development.
“Based on our research, ransomware can no longer be perceived as petty criminals performing stick ups and kidnappings,” said Rick McElroy, Carbon Black’s security strategist. “Instead, ransomware has become a rapidly growing, cloud-based black market economy focused on destruction and profit. Today, legitimate enterprises avoid heavy investments in infrastructure and hackers are no different. In fact, with Ransomware, hackers have set a model for a cloud-based, high profit and effective turnkey service economy.”
The report, available for download here, outlines the various components of the ransomware supply chain, offers projections for the evolution of ransomware, and provides several tips on how businesses and consumers can protect themselves from ransomware attacks.
“With the ability for ransomware authors to make more than $100,000 per year, it comes as very little surprise that dark web underground economies are flourishing,” said McElroy. “The sad reality is that many businesses are on their own when it comes to staying protected. A lack of fundamental security controls such as backups, testing, restoration, patching, visibility, and out of date prevention strategies means business can expect the problem to get worse before it gets any better.”
The full report from the Carbon Black TAU can be downloaded here.
Report Methodology
During the months of August and September 2017, researchers monitored 21 of the largest dark web marketplaces for new virtual offerings related to ransomware. The description of the offering and sales price was recorded for each offering. To represent the complete dark web marketplace economy the sample of findings from 21 of the largest marketplaces was extrapolated to a population-wide value based on an assumption that approximately 25% (Wired, 2014) of the total dark web website population (per Tor unique .onion observations/day reported at on the Tor Metrics site (https://metrics.torproject.org/hidserv-dir-onions-seen.html) is comprised of similar marketplaces. All prices and values are reported in USD. In instances where prices were offered in BTC (Bitcoin) conversion to USD was made for the day the offer was identified.
Historical information about the dark web marketplace activity for 2016 was developed through analysis of dark web database dumps. The sample size of sites analysed for this historical perspective is approximately 10,000 .onion sites (20% of the dark web) as of February 2017.
The basic statistical model for generating point estimates based on samples collected. The number of observations in a period of time is multiplied by the total population and that product is divided by sample size (the population observed).
About Carbon Black
Carbon Black is the leading provider of next-generation endpoint security. With more than 13 million endpoints under management, Carbon Black has more than 3,000 customers, including 30 of the Fortune 100. These customers use Carbon Black to replace legacy antivirus, lock down critical systems, hunt threats, and protect their endpoints from the most advanced cyberattacks, including non-malware attacks.
