Ransomware generates massive profits for its operators. How much do they make, and how do they spend their illicit earnings? Newly published research on Sodinokibi ransomware sheds some light on this.
The McAfee Advanced Threat Research (ATR) team has been investigating Sodinokibi, a ransomware-as-a-service (RaaS) also known as Sodin or REvil, since it was spotted in the wild back in April. Around the same time, GandCrab's operators announced their retirement. Secureworks analysis showed Gold Garden, the group behind GandCrab, is also behind REvil ransomware.
Ransomware statistics for 2019: Q2 to Q3 report
Ransomware attacks continued to become more focused and sophisticated in Q2 and Q3 2019. In contrast to the spray-and-pray campaigns of the past, threat actors are increasingly targeting larger and more profitable targets such as businesses, schools and government organizations.
Ransomware strains such as Ryuk played a dominant role, crippling dozens of public entities across the U.S., while ransomware-as-a-service like Sodinokibi and GandCrab enabled ransomware distributors to generate millions, perhaps even billions, of dollars in ransom payments.