Cyber-thieves cash in from malware
Cyber-thieves can reap returns of almost 1,500% when they invest in ransomware, a study suggests.
Trustwave looked at how much cash typical cybercriminals spend and what their potential profits might be.
It estimated it would cost $5,900 (£3,860) to buy a ransomware kit that could return up to $90,000 in one month of operation.
Experts said people should take precautions and avoid paying up if they get hit.
Ransomware involves a malicious program infecting a machine, scrambling key files and then demanding the machine's owner pay cash before the data is unscrambled.
According to a report from Intel-owned security firm McAfee Labs, high-tech extortion schemes nearly doubled in the first three months of 2015.
"I was frankly stunned by the figures we got from this," said Karl Sigler, a threat intelligence specialist at Trustwave.
He said the company drew its figures from information available on hidden sites on Tor and discussion forums available on the wider web. Typically, he said, a ransomware scammer needs three separate tools to perpetrate their crimes - malware, an exploit kit and a pool of victims.
The service industry surrounding web crime had grown to such an extent, he said, that all these were available to buy online. It had found forums in Eastern Europe, Asia and Latin America peddling all three.
By spending about $5,900, criminals would get the ransomware malicious code, an online kit that acted as an administration system for an attack campaign and a ready source of victims from a compromised site.
If a criminal infected 10% of the 20,000 visitors to a compromised website each day and only 0.5% of those victims paid the $300 ransom being demanded, then one campaign could net a criminal about $90,000 a month, he said.
"The money is there and the economy is there," he said. "If you lack the morals and ethics it can be easy to get into."
Mikko Hypponen, chief research officer at F-Secure, said the virtual currency bitcoin has been key to the growth of ransomware.
"That's what really enabled the ransomware problem to explode," he said. "Once the criminals were able to collect their ransom without getting caught, nothing was stopping them."
The latest trend was for an affiliate model in which the maker of ransomware sells the code to someone else who then uses it.
The market had become so popular that gangs were now competing against each other fighting for market share.
"Almost all of them deliver the 'goods'," said Mr Hypponen. "If you pay, you will get your files back. Some even run support forums to help you recover.
"This is because they need good online reputation: otherwise nobody would pay," he said.
Mr Hypponen's advice to avoid falling victim was to take backups, ensure software is up-to-date, be suspicious of message attachments and run comprehensive security software.
"And," he said, "don't pay money to these clowns unless you absolutely have to."