TeslaCrypt ransomware grows as victims pay up

Ransomware continues to be a lucrative method for cyber criminals looking to extort money from vulnerable users. According to a new report from FireEye, the latest strain of ransomware TeslaCrypt (also known as Alpha Crypt) has yielded $76,522 for its authors since February, from 163 victims.

Other examples of ransomware like Cryptolocker and TorLocker have extorted huge sums of money from users across the globe. TeslaCrypt’s performance so far shows us that ransomware is still performing well despite growing awareness around the technique.

FireEye was able to track payments made to the cybercriminals between February and April, as most payments were made in Bitcoin, though in some cases the criminals accepted PayPal My Cash cards. Ransoms ranged from $150 to as high as $1,000.

The researchers note that the authors of the ransomware showed little bias in who they targeted: victims included students in Iran and Spain, who were afraid of losing their valuable college assignments and coughed up the ransom. TeslaCrypt also infected a non-profit that works towards a cure for blood cancer.

FireEye pointed out that many victims, like small businesses, were simply unable to pay and gave up, and as a result lost their data.

The security firm recovered several of the notices that TeslaCrypt’s creators were using when they encrypted someone’s files and has even published some of the messages between victim and perpetrator.

“I understand the terms of your demand, but I simply do not have the amount you’re requesting. Would you please consider a lesser amount. The absolute most I can do is $100 on Paypal,” wrote one victim, who was told the minimum was $250.

Some victims were actually successful in bargaining their ransom down. When cybercriminals come across a victim that just does not have the money, they may very well reduce the cost, as something is better than nothing.

One victim is even seen pleading with the ransomware author to decrypt his files so he can file his tax return and retrieve work-related data required for his job.

FireEye adds that even after payment, there is no guarantee that the criminals know how to decrypt your files, and they may not even bother.

“Unfortunately, the decryption does not always work. Sometimes the victims are infected with different types of malware that interfere with one another or bugs in the ransomware prevent all the victims’ files from being decrypted,” said FireEye’s Nart Villeneuve.

Villeneuve adds that FireEye anticipates ransomware will continue to grow. “The tools are easy to employ, and even inexperienced intruders can generate a quick profit from Internet users around the world who are desperate to recover their files and pay the ransom,” he said.

Cryptolocker, perhaps the most infamous ransomware type, has reportedly generated three million in transactions since 2013, so it’s easy to see why cyber-criminals are launching so many ransomware campaigns.
