
Major Ransomware Campaign Disrupted, Attackers Lose Potential Revenues of $34M


Karamjit


This campaign accounted for 50% of all the ransomware delivered online through the Angler exploit kit

Cisco's researchers thwarted the activity of a single group of cyber-criminals responsible for 50% of all deployments of ransomware via the Angler exploit kit. The group conducted operations on such a large scale that by the end of the year they would have potentially earned more than $34 million / €30 million.

Using servers from the infrastructure of Limestone Networks, a cloud service provider, the criminal group behind this operation managed to create the biggest ransomware delivery platform ever noticed in the wild.

Attackers bought cloud servers with stolen credit cards

These servers were not compromised but were bought using stolen credit cards. Over 815 such servers were purchased, and after the credit card owners requested charge-backs, Limestone Networks eventually lost around $10,000 / €8,900 each month while the campaign went on.

Because of this, not only did Limestone shut down the servers when reported by Cisco's Talos security team, but they've also opened up their logs so Cisco's experts could take a look and get down to the bottom of this campaign.

According to Cisco's research, the attackers used only a single server from which to deliver the Angler exploit kit. This server was masked by a network of 147 proxy servers, installed on the compromised Limestone Networks infrastructure.

The cyber-criminal group could have easily made up to $34 million / €30 million till the end of the year

By using basic math and a few InfoSec reports available online, Cisco came to the conclusion that the criminal group behind this operation could have ended up making between $30 and $60 million in annual revenues.

According to data gathered from the campaign, over 9,000 users were being served the Angler exploit kit per day on each of the 147 proxy servers.

Taking into account that 40% of users that land on an Angler exploit kit are infected, this results in around 529,000 computers infected each month.

From previous research we know that 62% of Angler victims are being infected with ransomware and that 2.9% of the victims eventually pay up an average of $300 / €267.

This brings the monthly revenue to around $3 million / €2.67 million, and the yearly revenue to around $34 million / €30 million, as Cisco estimates. As you can imagine, any variations in these numbers can increase the cyber-criminals' revenue many times over.

From
