Following The Ransomware-As-A-Service Money Trail

Cerber Ransomware As A Service On The Rise

IT security company Check Point released its in-depth research on the growing threat of Ransomware-as-a-Service (RaaS).

The security researchers identified the sophisticated infrastructure of Cerber, a widely distributed RaaS operation that currently runs more than 161 active campaigns. According to Check Point’s blog post, Cerber launches an average of eight new campaigns every day, which has infected roughly 150,000 users worldwide in the last month alone across 201 countries.

One of the more unique aspects of the Cerber RaaS is its business model and money trail.

In order to avoid money collected from being traced, Cerber uses bitcoin currency and creates unique bitcoin wallets in order to receive funds from its victims.

“The payment is transferred to the malware developer through a mixing service, which involves tens of thousands of bitcoin wallets, making it almost impossible to track the transactions individually,” the blog explained. “At the end of the mixing process, the money reaches the developer, and the affiliates receive their percentage.”

But Check Point’s research has enabled it to track the actual revenue earned by the malware and the path of financial transactions through identifying the actual victim wallets using data provided by the Command and Control (C&C) servers.

In July 2016 alone, the overall profit earned by Cerber RaaS campaigns totaled $195,000, with the malware developer earning roughly $78,000. The remaining money was split amongst other affiliates.

It’s estimated that ransomware authors earn $946,000 annually.

According to the FBI, cybercriminals have collected $209 million by extorting businesses and institutions to unlock computer servers in just the first three months of 2016. At that rate, ransomware will be a $1 billion a year criminal industry this year, with total losses being even higher once related business costs are factored in.

In the FBI’s Internet Crime Complaint Center (IC3) annual report, the agency said it received 2,453 ransomware-related complaints during the last calendar year.

In the “2015 Internet Crime Report,” Randall C. Coleman, executive assistant director of the FBI’s Criminal, Cyber, Response and Services Branch, said:

“As cybercriminals become more sophisticated in their efforts to target cybervictims, we must also grow our capabilities to successfully combat and defeat them. The evolving nature of internet crime presents a unique set of challenges, as crimes often overlap jurisdictional boundaries and perpetrators can attack from anywhere on the globe.”