Size of bitcoin ransomware market 'overhyped' in the media

The rise of bitcoin ransomware attacks has been covered extensively in the media in the past 12 to 18 months. One pundit has even suggested that one of the reasons why the price of bitcoin has rallied so much is because companies are stockpiling bitcoin to mitigate the effects of potential future ransomware attacks.

However, a new study suggests that the media hype surrounding ransomware attacks that use bitcoin as a payment method is not merited in light of the comparatively small market size of these cyber attacks.

The actual size of the bitcoin ransomware market

According to a study titled ‘Ransomware Payments in the Bitcoin Ecosystem’, researchers estimated the market for bitcoin ransomware payments was only $12.8 million. This shows that the actual financial impact of bitcoin ransomware attacks has been minimal.

While the rise in ransomware attacks has greatly disrupted the functioning of businesses and public sector institutions, the reality is that the economic significance of bitcoin ransomware attacks is much less than it may seem.

“We […] find that the market is highly skewed, dominated by [only] a few […] players. From these findings, we conclude that the total ransom amounts gathered through ransomware attacks are relatively low compared to the hype surrounding this issue,” the researchers stated.

Different forms of bitcoin ransomware

To analyze the bitcoin ransomware market, the researchers gathered information on bitcoin transaction related to ransomware attacks based on their footprint on the Bitcoin blockchain and have used the GraphSense cryptocurrency analytics platform to investigate bitcoin ransomware attacks’ financial flows.

The researchers have found that there are two common modes of ransomware attacks. The first mode locks users out of their devices by disabling their operating system. When the user attempts to launch his or his device, a ransom note appears requiring a payment in cryptocurrency to be transferred for the device to function again. The second mode of attack is more technologically advanced and makes use of cryptography. A user’s files are encrypted and the decryption key can only be accessed upon payment of the ransom.

Furthermore, the researchers have found that there are 505 known ransomware families of which almost all demand bitcoin (BTC) as the ransom payment currency and that the use of cryptocurrency tumblers, also known as coin mixers, is a common method for laundering the illicit funds. Gambling sites and bitcoin exchanges are also being used by attackers to launder their ransom bounties.

After analyzing the financial impact of 35 ransomware families between 2013 and 2017, the researchers found that “the minimum worth of the market for ransom payments represents $12,768,536 (22,967.54 BTC),” and that “the ransomware market is dominated by a few kingpins.”

The researchers also found that the initiatives that have been developed by the cybersecurity community, such as “No More Ransom!”, which make ransomware decryption tools freely available, have had a positive impact on mitigating the economic impact of these attacks.

Despite small size of ransomware market, attacks are still disrupting

An analysis of the WannaCry ransomware attack in May 2017 showed that the attackers only ended up earning around $140,000 in bitcoin as most of their victims decided not to pay.

Nonetheless, despite the modest economic impact of the attack, it caused havoc for businesses and public sector institutions such as hospitals in the UK and the German railway network. Hence, while the actual amount of ransom payments that have been processed were tiny, the impact of these attacks was felt strongly by those affected.

The researchers agree that their “observations do not mean that the ransomware threat should be underestimated. Although the minimum worth of the market for ransom payments – taking into account 35 families – is a relatively modest amount (about $12 million) compared to the hype surrounding the issue, the overall direct and indirect damages they caused to individual and organizational victims are much higher.”

Source: Read Full Article