Study: Bitcoin Ransomware’s Economic Impact Doesn’t Merit Media Hype

in #bitcoin7 years ago (edited)

Source: https://blockexplorer.com/news/bitcoin-ransomware-economic-impact-doesnt-merit-media-hype/

Copy:

Bitcoin ransomware and blackmailing schemes are not nearly as prominent as media hype surrounding the issue suggests, new research shows.

In a study titled “Ransomware Payments in the Bitcoin Ecosystem,” a group of Canadian and Australian security researchers conducted a data-driven analysis of bitcoin ransomware. Based on their research, they determined that these blackmailing schemes, which invariably attract media attention due to their novelty, do not have a significant economic impact.

“As the current hype would have it, ransomware authors would make large amounts of money — up to millions of dollars — with this successful online black mailing activity,” the authors said. “As it is often the case, the reality is not that simple.”

In a typical bitcoin ransomware scheme, a computer becomes infected with malware that seizes control of the operating system and encrypts a user’s files. The attacker then demands that the user send money — usually denominated in bitcoin — to a specific address, after which the attackers will decrypt the files and return control of the computer to the owner.

The researchers, who will present their paper later this year at the 17th Annual Workshop on the Economics of Information Security (WEIS), said that the total economic impact of bitcoin ransomware payments amounts to approximately $13 million, with most of those funds linked to a small group of attacks.

They wrote:

We estimate the lower bound direct financial impact of each ransomware family and find that, from 2013 to mid-2017, the market for ransomware payments has a minimum worth of USD 12,768,536 (22,967.54 BTC). We also find that the market is highly skewed, dominated by a few number of players. From these findings, we conclude that the total ransom amounts gathered through ransomware attacks are relatively low compared to the hype surrounding this issue.

Part of the reason that the hype surrounding bitcoin ransomware exceeds the real economic impact is that several high-profile targets have been hit by these schemes, though the payments demanded by the hackers were low relative to the amount of media attention that they attracted.

In March, the city of Atlanta was hit by such an attack, with the hackers behind it demanding $51,000 in bitcoin to restore access to the city’s digital infrastructure.

Last year, the UK’s National Healthcare System (NHS) fell prey to a version of this ransomware scheme known as WannaCry, with computers at more than 40 hospitals and other NHS locations affected by the attack. In this case, the hackers demanded $300 in bitcoin to unlock each computer.

Of course, the fact that the aggregate economic impact of bitcoin ransomware is low does not mean that these schemes cannot cause serious problems — even life-and-death situations, in the case of healthcare organizations — for affected individuals and organizations, so users should always practice good digital hygiene to avoid contracting malware.