According to Bleeping Computer, those behind the Ryuk ransomware earned over $640,000, while those operating a scam tactic to convince people there was a compromising video of the victim made $500,000 according to Motherboard.
While the sextortion phishing scam was widespread, it did ask for $1400 in Bitcoin and according to research by Banbreach of around Bitcoin 770 wallets, 230 had over 1000 transactions, receiving a total of around 70.8 BTC.
The Ryuk ransomware asked victims to pay either 15-35 Bitcoin or 50 Bitcoin, depending on which ransom note was received. Raj Samani, chief scientist and fellow at McAfee, told Infosecurity that the ransom demanded for Ryuk is very high when compared to other ransomware variants.
“This suggests this is a straightforward extortion campaign as opposed to a case of pseudo ransomware,” he said. “It also suggests a very targeted campaign aimed at organizations – part of a growing trend of enterprise-targeted campaigns.”
Andy Norton, director of threat intelligence at Lastline, said: “SamSam, Bitpaymer and now Ryuk have targeted corporate environments with fast spreading lateral infection behaviors. This is proving to be a successful model for them, as the disruption of business processes or services is the first cost the victim considers, then the time and money it takes to perform an actual investigation, backup and restore effected machines.
“As a rule of thumb, this is roughly double the cost of paying the ransom, so judging by the three transactions into one of the Ryuk bitcoin wallets, it looks like some victims have chosen to pay the ransom as the lesser evil.”
On the sextortion scam, Norton said that this was “very convincing” as it highlights bad password practices “so if you don’t change your passwords after a breach or reuse passwords across different portals, then the chances are the password they send you will still be accurate and therefore be very believable.”