Why hacking isn't a get rich quick scheme anymore

Hacking and ransomware aren't what they used to be.

In a recent Bloomberg article, Elaine Ou, PhD, an engineer at Global Financial Access, described how ransomware attacks have changed over the years — and how being a hacker isn't a fast way to get rich.

In 1989, an anthropologist orchestrated the first known ransomware incident by mailing 20,000 floppy disks to subscribers of journals and delegates of an international AIDS conference. The floppy disks were labeled "AIDS Information," and when put in a computer, told users to send $189 or $378 to a P.O. Box in Panama.

Floppy disk-associated attacks quickly diminished, but ransomware continued with the rise of Bitcoin, a universal digital currency.

Today, ransomware attacks work like this: Developers "create ransomware-as-a-service, through which they sell or license their ransomware to operators," according to Dr. Ou. The operators recruit affiliates, who work as distributors. These distributors find ways of getting malware onto computers.

And the ransom payment? Operators cash it in, but transfer a 50 to 70 percent commission to the distributor. According to a recent study of Cerber, a ransomware network, operators brought in an average of $78,000 in July 2016. Affiliates made $726 the same month. According to Dr. Ou, most ransomeware distributors don't make anything close to resembling minimum wage.

This likely has to do with the fact that ransom costs are inflated by media. Initial reports of the February 2016 attack on Hollywood (Calif.) Presbyterian Medical Center claimed hackers demanded $3.4 million. But the hospital said the ransom price was only $17,000 and was able to successfully pay the amount in full.

Overall, Dr. Ou likens ransomeware hacks to "pyramid scheme[s]," with affiliates bringing in money to those higher up on the ladder. "For all the reports of attacks on hospitals and financial institutions, the reality is that cybercriminals with dreams of striking it rich far outnumber vulnerable corporations," Dr. Ou wrote.

More articles on health IT:
Calif. health plan reports breach due to unauthorized access
Apple rumored to remove home button in new iPhone
How the next president could fix health IT: 5 thoughts from Jonathan Bush

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.


Top 40 Articles from the Past 6 Months