NEWS FROM THE LAB - Wednesday, October 23, 2013

What is the cost of ransomware? Posted by Sean @ 10:52 GMT

Here's a question we're often asked: what's the economic cost of malware?

We recently assisted in a joint investigation with the Finnish Police and CERT-FI. And in this particular case, we estimate that just one "police"-themed ransomware gang could be responsible for more than 800 million dollars' worth of damage and losses.

Details from the Finnish press release:

[Image: Press release]

We'll translate the basics: a single gang using Reveton "police" ransomware netted more than 5 million victims worldwide, with more than 30,000 computers in Finland affected.

Reveton's current "fee" is 300 USD:

[Image: USA Reveton]

The going rate in Europe is EUR 100:

[Image: French Reveton]

At 100 euro each, the 30,000 Finnish victims alone represent three million euro of potential profit. Between North America and Europe, it's altogether something in the neighborhood of 600 million euro, or more than 800 million dollars.

Now of course, not everybody pays Reveton's ransom (though quite many do). So that potential profit isn't actually realized. But what about economic costs? The victims need to spend time and money to repair and recover their computers.

Some folks will have lost data in the process. And how much is that worth?

Last year, a friend's hard drive, full of family photos, crashed. The cost of repair? More than 6,000 USD! If just one percent of the Reveton gang's more than 5 million victims lost similar collections of photographs, that's equal to 300 million USD in lost data.

Disregarding data loss, the time spent on recovery is easily worth the same as the ransom payment.

Bottom line: ransomware is very costly.


Which is why we're highlighting the issue at ransomware.fi as part of cyber security awareness month.

Are you ransomware aware? From now until the end of October, you can ask our own Antti Tikkanen and Paolo Palumbo questions about Reveton and other ransomware threats in our Community's Ransomware Q&A.

Here's a handy link you can share: bit.ly/RansomQA