Cybercrime pays.

Cybercrime Pays – Picture Borrowed from the FBI!
There’s no doubt that cybercrime pays. Why else would anyone do it? The risks are quite substantial (jail, fines), so the rewards must also be quite substantial.
Cybercrime Pays – Ransomware – Outsized Rewards
It’s sad that something as destructive as cybercrime is rewarding. The Teslacrypt malware authors, for instance, made $76,000 in two months. Most victims pay ransoms in bitcoin. Bitcoin at that time was about $200 per bitcoin, and it’s at $1100+ as of the time of this writing. That means those who held on to the ransoms made even more! The average ransom is $679, and the cybercriminals made about $209 million in just the first quarter of 2016.
Is it any wonder why it’s so popular?
Cybercrime Pays – And It’s Difficult to Fight
People who get ransomware usually have two options: they can either pay, or they can restore from backup. The latter requires having backups, but if they have them, it makes no sense to pay the ransom. As for paying, many people choose to go without their files rather than pay; you can make your own judgements as to whether that’s worthwhile. If victims can’t go without their files and they don’t have backups, which applies to at least 13% of victims from the links above, they pay.
That’s the victim side; on the cybersecurity side, ransomware is difficult to fight as it is complicated, and automating the malware analysis can be tricky if not impossible. That’s the case with some malware (though quite a bit of it can be automated these days).
This post has really only examined ransomware as one example of how cybercrime can pay, but there are quite a few others – click fraud, identity theft, DDoS, and a host of other things. Look out for more information on what the bad guys are doing and why in upcoming posts.
Jan 2017