BlackBox Connections


Unit 203
70 Country Hills Landing
NW Calgary, AB T3K 2L2

Office Hours

Mon – Fri
8:00 – 5:00
Support 24hrs

Call us Today

587 355 1566

Call us Today

587 355 1566

Millions paid in Ransomware according to Google

Feb 22, 2018

Ransomware increasing at an alarming rate!  Are you backed up?


Are you at risk for a ransomware attack?  It may be worth looking into, as it seems it is only getting worse!  Everyday the search term “ransomware” is being googled.  With an increase of 877% over the past year, it seems hopeful that people are taking action in regards to educating themselves on how to properly maintain their security and to find out what is ransomware.

Research led by a Google Team, publicly presented its findings at the Black Hat USA security conference in Las Vegas on July 26th of this year.  The session was titled “Tracking Ransomware End to End”.  Because this search query has seen such an increase, the research team lead by Google, worked with Chainalysis, the University of California at San Diego and New York University to gain a better understanding of ransomware.

According to Google data, only 37% of users are backing up their data on a regular basis, which is why hackers are able to have such devastating effects on their victims.  A large percentage of victims will choose to pay the ransom in order to get their data back.  Almost all ransomware relies on Bitcoin cryptocurrency as their payment model, as it is easy for hackers to set up and can easily be converted to cash.

Bitcoins are held in what is called a Bitcoin wallet, which is also the address where the victim’s make their ransom payment to.  The attackers will then move these Bitcoins from multiple wallets to a single account, explained Luca Invernizzi, a research scientist at Google. Finding the accumulation wallet is critical in order to go through the transaction ledger and discover any victims of these attacks.

The research partners along with Google used a multistage process to find these accumulation wallets.  First they scanned the internet and social media for any kind of ransomware reports in order to find Bitcoin addresses.  Next, Invernizzi said that Google infected its own isolated virtual machines with ransomware to get some ransomware payment addresses.   “We made micro-transactions to the different Bitcoin wallets that we discovered to uncover more of the ransomware payment network,” he said.

In order to gain a broader view of the ransomware ecosystem, Google’s research team collected 154,000 ransomware binary files from 34 different ransomware families.  From there, google then applied machine learning techniques to scale and automate the ransomware Bitcoin wallet discovery process.

From the analysis, Google was able to find an estimate of how much money had been paid by ransomware victims from the beginning of 2014 to the end of the second quarter of 2017.  There were likely some payments that were missed by Google, but they estimated that the total was at least $25 million paid out to attackers.

According to FBI’s Internet Crime Center’s 2016 report however, the google estimation is much larger then their 2,673 ransomware complaints for that year.  Victims paid out roughly $2.4 million for ransomware according to them.

Google’s data prior to 2016 shows minimal payments were made to ransomware wallets.  This was the turning point however, as ransomware is now a multi-million dollar business.  Based on the numbers, it seems as though ransomware is here to stay…….so make sure you are protected!


by BlackBox Connections

Topic: Millions have been paid in Ransomware according to Google