Ransomware has made more than $25 million from its victims over 2 years, Google study finds

A South Korean banker carries US dollar bank notes at the Korea Exchange bank on February 22, 2005 in Seoul, South Korea. Chung Sung-Jun/Getty Images

Malware can be a highly profitable business.

Ransomware, malicious software that encrypts victims’ data and demands a pay-off in order to unlock it, has made more than $US25 million (£19.1 million) in bounties over the last two years.

That’s the finding of a study from researchers at Google, Chainalysis, UC San Diego, and the NYU Tandon School of Engineering that was seen by The Verge’s Russell Brandom.

The researchers investigated 34 different types of malware, tracking payments on the blockchain (the public, decentralised ledger of bitcoin transactions) to try and analyse the scale of ransomware and the amount of money its peddlers are making from victims.

They reportedly found people had coughed up at least $US25 million in an attempt to get their data back, with some types of ransomware proving more lucrative than others. “Locky,” which emerged in 2016, brought in $US7 million (£5.3 million) alone.

“Locky’s big advantage was the decoupling of the people who maintain the ransomware from the people who are infecting machines,” NYU professor Damon McCoy told The Verge. “Locky just focused on building the malware and support infrastructure. Then they had other botnets spread and distribute the malware, which were much better at that end of the business.”

Ransomware made global headlines earlier in 2017 due to the “WannaCry” attack, which used exploits developed by the NSA to spread across the world, crippling hospitals, telecoms firms, logistics companies and more across at least 150 countries.

So long as people continue to pay up, ransomware will continue to be profitable for its pushers — so don’t expect it to stop any time soon.
