Developers of CryptoWall ransomware earned more than $325 million in the past year

The team of researchers called Cyber Threat Alliance was formed last year, and today it presented a report on the work of the hackers behind the ransomware called CryptoWall. Some of the numbers in the report are just incredible.

Just to remind you, CryptoWall was first discovered in 2014 and is a classic example of ransomware. As soon as it gets onto the user's computer, it encrypts all data using a secure cryptographic algorithm and then demands a ransom in Bitcoin (usually from $200 to $10,000). The malware is now at version 3.0 and is considered one of the most serious threats of its kind.


According to research by Cyber Threat Alliance analysts into the hackers' sophisticated financial infrastructure, the authors of CryptoWall 3.0 earned about $325 million in the past year by demanding money from their victims. This amount is no surprise, considering that to date there is no way to crack the encryption key of CryptoWall 3.0. Victims of the ransomware have only two options: pay or lose all data.

“Looking at how many people paid a ransom to the authors of CryptoWall 3.0, it is clear that this business model is extremely successful and it will continue to bring huge profits to the developers of the ransomware,” the report states.

The report contains other interesting numbers:

406,887 attempted CryptoWall infections were recorded.

4046 malware samples were found.

893 command server URLs were found.

49 different campaigns spreading CryptoWall were identified (mostly phishing emails and exploit kits).

Just one of these campaigns, named crypt100, infected more than 15,000 computers around the world and brought the hackers around $5 million.

It is likely that only one group of hackers is behind the CryptoWall ransomware.

This group has earned more than $18 million over the past year from older versions of CryptoWall (which is confirmed by data from the Internet Crime Complaint Center).

The researchers also found that the hackers use hundreds of Bitcoin wallets, ranging from the obvious ones to which victims send their ransom to the main wallets where the hackers gather their profits.

Most of these wallets are used for money laundering through legal channels, as well as to pay for black-market services such as botnets, exploit kits and so on.

The cyber criminals are very careful: they do not transfer money directly from the ransom wallets to the main wallet. Instead, they split the transactions across multiple wallets and use the Tor network to distract and to obfuscate their tracks. The researchers concluded that the final "storage wallets" are shared by many CryptoWall campaigns and still contain huge amounts, tens or even hundreds of thousands of dollars.


Information added: 11/04/2015 06:24 PM;