HackDig : Dig high-quality web security articles

Major Ransomware Campaign Disrupted, Attackers Lose Potential Revenues of $34M

2015-10-07 10:10

Cisco's researchers thwarted the activity of a single group of cyber-criminals responsible for 50% of all deployments of ransomware via the Angler exploit kit. The group conducted operations on such a large scale that by the end of the year they would have potentially earned more than $34 million / €30 million.

Using servers from the infrastructure of Limestone Networks, a cloud service provider, the criminal group behind this operation managed to create the biggest ransomware delivery platform ever noticed in the wild.

Attackers bought cloud servers with stolen credit cards

These servers were not compromised but were bought using stolen credit cards. Over 815 such servers were purchased, and after the credit card owners requested charge-backs, Limestone Networks eventually lost around $10,000 / €8,900 each month while the campaign went on.

Because of this, Limestone not only shut down the servers when Cisco's Talos security team reported them, but also opened up its logs so Cisco's experts could take a look and get to the bottom of this campaign.

According to Cisco's research, the attackers used only a single server to deliver the Angler exploit kit. This server was masked by a network of 147 proxy servers, installed on the compromised Limestone Networks infrastructure.

The cyber-criminal group could have easily made up to $34 million / €30 million by the end of the year

By using basic math and a few InfoSec reports available online, Cisco came to the conclusion that the criminal group behind this operation could have ended up making between $30 and $60 million in annual revenues.

According to data gathered from the campaign, over 9,000 users were being served the Angler exploit kit per day on each of the 147 proxy servers.

Taking into account that 40% of users who land on an Angler exploit kit are infected, this results in around 529,000 computers infected each month.

From previous research we know that 62% of Angler victims are being infected with ransomware and that 2.9% of the victims eventually pay up an average of $300 / €267.

This brings the revenue to around $3 million / €2.67 million per month, and around $34 million / €30 million per year, as Cisco estimates. As you can imagine, any variations in these numbers can increase the cyber-criminals' revenue many times over.

Attackers could have made millions by the end of the year
