What are the latest statistics on ransomware? How often are people targeted, what's the hit rate, what's the estimated total dollar amount the bad guys make receive, etc?

of one

What are the latest statistics on ransomware? How often are people targeted, what's the hit rate, what's the estimated total dollar amount the bad guys make receive, etc?

Hello, and thanks for interesting questions on ransomware!


Let's start by defining ransomware: It is a type of malware that restricts access to the infected computer system in some way, and demands that the user pay a ransom to the malware operators to remove the restriction. Some forms of ransomware systematically encrypt files on the system's hard drive, which become difficult or impossible to decrypt without paying the ransom for the encryption key, while some may simply lock the system and display messages intended to coax the user into paying. Ransomware typically propagates as a trojan, whose payload is disguised as a seemingly legitimate file.


Ransomware typically propagates as a trojan, entering a system through, for example, a downloaded file or a vulnerability in a network service. The program then runs a payload, which typically takes the form of a scareware program. Payloads may display a fake warning purportedly by an entity such as a law enforcement agency, falsely claiming that the system has been used for illegal activities, contains content such as pornography and "pirated" media, or runs a non-genuine version of Microsoft Windows.

Some payloads consist simply of an application designed to lock or restrict the system until payment is made, typically by setting the Windows Shell to itself, or even modifying the master boot record and/or partition table to prevent the operating system from booting until it is repaired. The most sophisticated payloads encrypt files, with many using strong encryption to encrypt the victim's files in such a way that only the malware author has the needed decryption key.

Payment is virtually always the goal, and the victim is coerced into paying for the ransomware to be removed—which may or may not actually occur—either by supplying a program that can decrypt the files or by sending an unlock code that undoes the payload's changes. A key element in making ransomware work for the attacker is a convenient untraceable payment system. A range of such payment methods has been used, including: wire transfer, premium-rate text messages, online payment voucher service such as Ukase or Paysafecard, and the digital currency Bitcoin.


Ransomware, in various forms, has been around for more than a decade. But the past three years has seen a steep rise in incidents involving the programs, which often infect users via malicious email attachments or drive by downloads from compromised websites or malicious web ads (malvertising). That has resulted in an increase in complaints to the FBI.

And the FBI has issued statements that say businesses might as well pay the ransom because there is usually nothing they can do about it. Ransomware called CryptoWall is so potent that it cannot be removed and requires the payment of ransom.

And how often have people been targeted? In a bulletin issued on June 23, 2015, the FBI said:

"Data from the FBI's Internet Crime Complaint Center (IC3) shows ransomware continues to spread and is infecting devices around the globe. Recent IC3 reporting identifies CryptoWall as the most current and significant ransomware threat targeting U.S. individuals and businesses. CryptoWall and its variants have been used actively to target U.S. victims since April 2014. The financial impact to victims goes beyond the ransom fee itself, which is typically between $200 and $10,000. Many victims incur additional costs associated with network mitigation, network countermeasures, loss of productivity, legal fees, IT services, and/or the purchase of credit monitoring services for employees or customers. Between April 2014 and June 2015, the IC3 received 992 CryptoWall-related complaints, with victims reporting losses totaling over $18 million."

It's unclear how many people have been hit by ransomware. National Public Radio quotes Rahul Kashyap, a researcher at the cyber security firm Bromism, the number is grossly underreported as victims feel shame and don't know where to turn for help.

In August 2014, the British Broadcasting Corporation found that 500,000 people had been affected at a cost of $3 million. That, however, was about one year after CryptoWall had emerged in Britain, where its prevalence is greater than in the U.S.

The Canadian Broadcasting Corporation, in a study of the matter, found that while the average ransom was $500, the largest publicly recorded ransom demand was $800,000. Often, there is a time limit — typically 12 hours — before the ransom doubles.

While initially popular in Russia, the use of ransomware scams has grown internationally; in June 2013, security software vendor McAfee released data showing that it had collected over 250,000 unique samples of ransomware in the first quarter of 2013, more than double the number it had obtained in the first quarter of 2012.

Wide-ranging attacks involving encryption-based ransomware began to increase through trojans such as CryptoLocker, which had procured an estimated US$3 million before it was taken down by authorities, and Cryptowall, which was estimated by the US Federal Bureau of Investigation (FBI) to have accrued over $18m by June 2015.

In conclusion, ransomware use is on the increase and many people--and, as I have indicated, the numbers are unknown--have been affected. And, between CryptoLocker and Crytowall, the losses were set at $21 million within what is basically a two year period of time. That will, by all estimates, increase and new figures will be issued in June in 2016.

I hope that answers your questions and thanks for using Wonder!