Ransomware attacks are bigger than ever, but the payouts appear to be shrinking. While the ransomware suspected to be a variant of Petyamakes headlines around the world, whoever set it loose isnt really making a whole lot of money, especially if they paid for the software to begin with.
At the time of writing, the Bitcoin address that todays global attack points to has only collected 29 payments, for a total of 3.15 BTC, or $7,497. Considering the breadth of entities affected, that suggests that most victims know better than to cooperate.
TechCrunch spoke withMcAfeeChief ScientistRaj Samani following the attack. He suggested that awareness campaigns against paying these kind of cyber ransoms are having an impact.
Twenty people have paid my guess is most of those are security researchers, Samani said. He cautions that paying the ransom doesnt even mean youll get a decryption key back to unlock your system. With WannaCry, he notes that only an inconsequential amount of keys were returned to victims.
AnomaliDirector of Security Strategy Travis Farral echoed this sentiment in a statement to TechCrunch. Bitcoin payments currently already exceed $3,600, but its essential that victims understand that payment may not actually allow them to access their data, and may just fund hackers to commit further crimes.
In spite of their scope, recent ransomware attacks dont approach the hundreds of millions that something like 2014s CryptoWall was able to generate. WannaCry, by comparison, has made around $150,000 to date. Samani explained that the small payments you see with something like todays ransomware matches the market for an attack like this. Around about 200 to 400 dollars seems to be the going rate, Samani said. Theyve got to make it small enough because they want people to pay the ransom.
We saw this with WannaCry; there are so few people that are making the payments, Samani said. I think the message of dont pay seems to be getting through.
For now, there are way more questions than answers. One possibility is that the attack looked like ransomware, but that wasnt its main intended effect. Was it ransomware? Samani asked. Well, in name, but it was destructive in nature. In this particular case, you have what is being publicized as a ransomware campaign actually encrypting the master boot record.
Whether the ransom was this attacks intentions or not, victims may no longer be able to pay up. As Gizmodos Dell Cameron reports, email host Posteo has shut down the account associated with the bitcoin ransom, meaning that there is no longer a way for victims to pay or reach their attacker.
Still, additional small payments appear to be trickling in. You can track them in real time with a @petya_payments, a bot by Quartzs Keith Collins. Well continue following this story as it develops.