Ransomware is a particularly nasty form of cybercrime that's popped up over the past couple of years. One misclick on an email attachment is all it takes to have your important files scrambled and an extortion message demanding money to unlock your data.
Doesn't matter if the victim computers are in hospitals, schools, governments, businesses or at home: ransomware targets everyone. How lucrative is it for criminals though?
Well, a study by researchers at the United States universities of New York and California, along with Google and forensic blockchain company Chainalysis tracked payments made by victims of ransomware during the past two years, and the total was $33.2 million.
Locky victims paid US$7 million ($9.3m) in ransom, Cerber $6.9 million and CryptXXX, $1.9 million, but it's not clear how of the money reached the extortionists.
That's quite a bit of money, but perhaps a bit disappointing and pedestrian really, compared to other internet-scale crime. It should be more, as we're talking about payments from victims of 34 ransomware types, and over two years.
Turns out that the ransomware menace didn't hit its stride until the second half of last year, when monthly payment amounts reached $2 million or more.
The researchers speculate that the rapid rise in ransom payments is just the start.
Criminals have started to sell or rent out their code: Ransomware as a service means anyone can join in and extort others, no programming skills required.
How do the criminals get their hands on the ill-gotten gains then? Ransom payments are usually done in a cryptocurrency like Bitcoin, which is exchanged to real-world money via websites that charge transaction fees, like banks.
Most of the ransomware payments above were cashed at the BTC-e exchange, which was taken down this month by US law enforcement. BTC-e founder Aleksandr Vinnik, a Russian, was arrested by Greek police and faces extradition to the US where he could get a 55-year prison sentence.
As it happens, there's a local connection: Vinnik used a New Zealand shell company for its domain registrations with a Takapuna address, the US Department of Justice said.
Vinnik's Bitcoin exchange is said to have laundered NZ$5.35 billion since he started the business in 2011, a colossal amount in a relatively short period of time. This compares to another cryptocurrency exchange, the Liberty Reserve, which was closed down in 2013 and which laundered more than NZ$8 billion for criminals.
His arrest might help resolve the theft of $634 million worth of Bitcoin taken in a raid on the Mt Gox exchange in 2014.
Mt Gox collapsed after the theft, and the money stolen was processed by BTC-e, the US DoJ says. The founder of Mt Gox, Mark Karpeles, is looking at five years in prison for embezzlement and fraud and it'll be interesting to see what the connection with BTC-e was.
Even though some cyber fraudsters and criminals are arrested by the cops, the amount of money sloshing around is so large that others will quickly fill the gaps. Ransomware in particular is a relatively low-risk crime presently, as it's easy for perpetrators to hide themselves, and the campaigns themselves are hit-and-run and not continuing operations.
Authorities, developers and security vendors have woken up to the situation. It's good to see resources like the No More Ransom site that's run by Europol and the Dutch police, with the help of security vendors Kaspersky and McAfee.
No More Ransom offers advice and assistance to ransomware victims, and provides decryptors for scrambled files.
The last bit is important: apart from tracking the criminals and bringing them in, the only thing that'll halt the rapid spread of ransomware is if people don't pay. Heed that advice, and spend the money on backups and updated software instead.
Because even if you do stump up with a large amount of Bitcoin to rescue your encrypted data, there's no guarantee you'll get your files back. You are guaranteed to be part of the ransomware problem rather than the solution though, if you pay the criminals.