Hackers, ransomware families, and phishing campaigns are netting much of the cryptocurrency market. Malware and ransomware started to gain traction in the last two years, after bitcoin began attracting heavy media attention.
The Ransomware report
Google researchers recently found that 34 ransomware families earned a total of $25 million. This comes after two ransomware campaigns, WannaCry and NotPetya, hit the headlines, affecting thousands of users across different sectors. They received a total of $140,000 and $10,000 respectively from attacks that spread around the world.
The two were not designed for financial gain, as their creators showed no interest in cashing out the money. Locky and Cerber currently dominate the market by amount earned. The report further states that Cerber consistently earns over $200,000 per month and that Locky was the first to earn over $1 million in a month.
Ransomware extortionists are now denominating bitcoin ransoms in fiat currencies to avoid the financial risk of price swings. This benefits the attacker: bitcoin preserves their anonymity while the fiat denomination keeps pricing stable.
The Tor Proxy Service Diversion Saga
For the first time, a Tor proxy service has been caught taking a cut of ransomware attacks by diverting victims’ ransom payments to its own wallets. The service duplicates the original payment page and redirects unsuspecting users’ payments to wallets it controls. Ransomware extortionists fall back on a Tor proxy only when their victims are unwilling or unable to install and use the Tor browser to make bitcoin payments over the dark net for anonymity purposes.
Tor proxy services let users reach .onion websites from a regular browser such as Google Chrome, Edge, or Firefox simply by appending a .top or .to extension to the end of any Tor URL. These services are popular among ransomware authors, who even add alternative proxy URLs to help victims pay. The service is common among ransomware extortionists because it is easy and requires no installation; some include instructions and guides to help victims pay through it.
Onion.top was recently caught secretly replacing ransomware bitcoin payment addresses with its own, earning over $22,000, according to Proofpoint. The cyber-security firm discovered the activity after LockeR (a ransomware strain) warned its victims not to use the service.
Ransomware Creators’ Response
Ransomware creators are developing countermeasures. Most have dropped the Tor proxy option and now require victims to use the Tor browser, which prevents such diversions. Others, such as Magniber, have split their bitcoin addresses across different HTML tags so that automatic address replacement does not match them.
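The following is an added example written for this page, not code from the article or from Proofpoint. It shows, on constructed ransom-note HTML with made-up placeholder addresses, why a regex run over raw HTML misses an address split across tags, and why an analyst extracting payment addresses from a note (to track or block them, or to check whether a proxied copy has been tampered with) should extract from the rendered text instead. The address pattern, the sample notes and the `detect_tampering` helper are assumptions made for the demo.

```python
import re
from html.parser import HTMLParser

# Loose legacy Bitcoin address pattern (base58 alphabet: no 0, O, I or l).
# Assumed for the demo; production IoC extraction would also validate the checksum.
BTC_ADDRESS = re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b")

# Constructed sample notes. The addresses are made-up placeholders, not real wallets.
PLAIN_NOTE = "<p>Send 0.5 BTC to <b>1SampLeAddressNotReaLForDemo123</b></p>"
# Same address, but split across three <span> tags as the article describes.
SPLIT_NOTE = ("<p>Send 0.5 BTC to <span>1SampLeAddr</span>"
              "<span>essNotReaLFor</span><span>Demo123</span></p>")
# Constructed "served by a proxy" copy in which the address has been swapped.
TAMPERED_NOTE = PLAIN_NOTE.replace("1SampLeAddressNotReaLForDemo123",
                                   "3SecondPLacehoLderAddrNotReaL99")


def extract_from_raw(html):
    """Naive approach: run the address regex over the raw HTML source."""
    return BTC_ADDRESS.findall(html)


class _TextCollector(HTMLParser):
    """Collects the text nodes of a document in document order."""

    def __init__(self):
        super().__init__()
        self.chunks = []

    def handle_data(self, data):
        self.chunks.append(data)


def extract_from_text(html):
    """Parse the HTML and run the regex over the rendered text.

    Adjacent text nodes are concatenated, so an address that was split across
    tags is reassembled before matching.
    """
    parser = _TextCollector()
    parser.feed(html)
    parser.close()
    return BTC_ADDRESS.findall("".join(parser.chunks))


def detect_tampering(original_html, served_html):
    """True when the served copy (e.g. fetched through a proxy) shows a
    different set of payment addresses than the original note."""
    return set(extract_from_text(original_html)) != set(extract_from_text(served_html))


if __name__ == "__main__":
    print("raw regex, plain note:  ", extract_from_raw(PLAIN_NOTE))
    print("raw regex, split note:  ", extract_from_raw(SPLIT_NOTE))   # misses it
    print("text regex, split note: ", extract_from_text(SPLIT_NOTE))  # finds it
    print("proxy copy tampered?    ", detect_tampering(PLAIN_NOTE, TAMPERED_NOTE))
```

The raw-source pass finds the address in `PLAIN_NOTE` but returns nothing for `SPLIT_NOTE`, which is exactly why the split defeats an address-rewriting proxy; the text pass finds it in both. `detect_tampering` is the check a responder can run when comparing a note obtained directly over Tor with the copy a victim saw through a proxy.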