Kim Crawley

@kim_crawley

A Few Quick Tips If You Want To Make Money From Ransomware

Photo courtesy of BTC Keychain, Creative Commons License 2.0

Developing and distributing ransomware can be a very effective moneymaking enterprise if done properly. Capitalism rewards people who know how to profit from other people’s misery, so it can be an excellent opportunity for you.

The path to cyberattack riches seems simple.

Step one: Make something that can encrypt a HDD’s files with a 256-bit AES cipher.

Step two: Get a Bitcoin account.

Step three: Make a scary but easy-to-understand UI that makes your intentions clear, with a simple means to send Bitcoin to your account. Insert extra skull-and-crossbones graphics if necessary.

Step four: Find a simple exploit that affects at least 10% of all endpoints worldwide.

Step five: Make phishing emails, web vulnerability exploiting bots, Microsoft Word macros, whatever.

Step six: ?

Step seven: Profit!

But it’s not quite that simple. There are lots of malware researchers these days, and there are even more cybersecurity writers like myself. Unless you can obfuscate your code a la Stuxnet (a tall order if you don’t have a budget in the hundreds of millions of dollars) your code will be reverse engineered. That applies as much to scripts bought from the Dark Web as it does to code you’ve mainly written yourself. You’ve gotta use some of the same APIs, eh?

When your code gets reverse engineered, we may discover that you developed no practical way to decrypt files for a ransom payer. Those discoveries are confirmed when ransom payers tell my colleagues about their experiences. Then said colleagues, such as Nick McKenna, warn people not to pay your ransom because there’s no way of getting their files back. Other colleagues, such as my friend Javvad Malik, share detailed research about your ransomware in less than 24 hours after your attack hits people’s systems. That’s the problem that WannaCry’s developers are dealing with right now.

Even though you can usually maintain your anonymity by using a Bitcoin account, one metric that’s easy to find is how much money is being sent to your accounts. Brian Krebs looked up the Bitcoin accounts found in WannaCry’s code and discovered that only $26,000 was collected as of May 13th. Some fat cat cybermasterminds those WannaCry folks are, eh? That’s merely the pocket change that can be found in one of Warren Buffet’s couches.

So that sort of news further popularizes the idea that paying your ransom is pointless.

Whoever developed WannaCry was very clever when they chose their exploit, but rather foolish with their code.

If you want to actually make BIG MONEY developing ransomware, focus on a means of decryption for your ransom payers.

That’s my advice for you. You’re welcome!

If you enjoyed my article, there are two ways that you can help me.

First, you can click on the little green heart to recommend my article.

Secondly, you can make a small donation to my Patreon. Thank you!

You can also follow me on Twitter via @kim_crawley.

When I’m not playing Persona 5 or comparing black lipsticks to each other, I can be found writing for Tripwire’s State of Security and Alienvault’s blog.

More by Kim Crawley

Topics of interest

More Related Stories