The murky ecosystem of ransomware payments Attack.Ransom comes into focus in new research led by Damon McCoy , an assistant professor of computer science and engineering at the NYU Tandon School of Engineering . Ransomware attacks Attack.Ransom , which encrypt and hold a computer user 's files hostage in exchange for payment Attack.Ransom , extort Attack.Ransom millions of dollars from individuals each month , and comprise one of the fastest-growing forms of cyber attack . In a paper slated for presentation at the IEEE Symposium on Security and Privacy in May , McCoy and a team including researchers from the University of California , San Diego ; Princeton University ; Google ; and the blockchain analytics firm Chainalysis provide the first detailed account of the ransomware payment ecosystem , from initial attack to cash-out . Key findings include the discovery that South Koreans are disproportionately impacted Attack.Ransom by ransomware campaigns , with analysis revealing that $ 2.5 million of the $ 16 million in ransomware payments Attack.Ransom tracked by the researchers was paid Attack.Ransom in South Korea . The paper 's authors call for additional research to determine the reason that so many South Koreans are victimized and how they can be protected . The team also found that most ransomware operators used a Russian bitcoin exchange , BTC-E , to convert bitcoin to fiat currencies . ( BTC-E has since been seized by the FBI . ) The researchers estimate that at least 20,000 individuals made ransomware payments Attack.Ransom over the past two years , at a confirmed cost of $ 16 million , although the actual payment total is likely far higher . McCoy and his collaborators took advantage of the public nature of the bitcoin blockchain technology to trace ransom payments Attack.Ransom over a two-year period¬ . Bitcoins are the most common currency of ransomware payments Attack.Ransom , and because most victims do not own them , the initial bitcoin purchase provides a starting point for tracking payments . Each ransomware victim is often given a unique payment address that directs to a bitcoin wallet where the ransom Attack.Ransom is collected . The research team tapped public reports of ransomware attacks Attack.Ransom to identify these addresses and correlate them with blockchain transactions . To boost the number of transactions available for analysis , the team also executed real ransomware binaries in a controlled experimental environment , essentially becoming victims themselves and making micropayments to real ransom wallets in order to follow the bitcoin trail . `` Ransomware operators ultimately direct bitcoin to a central account that they cash out periodically , and by injecting a little bit of our own money into the larger flow we could identify those central accounts , see the other payments flowing in , and begin to understand the number of victims and the amount of money being collected , '' McCoy said . The research team acknowledged that ethical issues prevent exploration of certain aspects of the ransomware ecosystem , including determining the percentage of victims who actually pay Attack.Ransom to recover their files . McCoy explained that despite having the ability to check for activity connected to a specific payment address , doing so would effectively `` start the clock '' and potentially cause victims to either pay a double ransom Attack.Ransom or lose the opportunity to recover their files altogether . Criminal use of cryptocurrencies is one of McCoy 's research focuses . He and fellow researchers previously tracked human traffickers through their use of Bitcoin advertising .

Ransomware , a special version of trojan that encrypts files , has become a new and tremendously growing type of cybercrime . The 2016 Ransomware Report released by 360 Security Center lately presents that : – 4.9 million computers were attacked in China – 56,000 ransomware infections worldwide only in March 2016 – $ 1 billion dollar source of income for cyber criminals estimated by FBI – Almost half of organizations have been hit with ransomware In January 2016 , three Indian banks ’ and a pharmaceutical company ’ s computer systems were infected Attack.Ransom by ransomware . The attacker asked for Attack.Ransom 1 bitcoin ( about $ 905 ) for each infected computer , and then used unprotected desktop interface to infect other connected computers from remote . These corps lost several million dollars due to the huge number of infected computers . February 5th 2016 , Hollywood Presbyterian Medical Center paid Attack.Ransom a $ 17,000 ransom Attack.Ransom in bitcoin to a hacker who seized control of the hospital ’ s computer systems and would give back access only when the money was paid Attack.Ransom . Two hospitals in Ottawa and in Ontario were attacked by ransomware later on . In February 2016 , several schools ’ computer systems were attacked by ransomware . The hacker took control of the intranet and servers , and asked for Attack.Ransom 20 bitcoin . These school ended up paying Attack.Ransom the anonymous hacker $ 8,500 to get their IT systems back . In the mid-February , a new ransomware “ Locky ” started to spread out via email . 7 out of 10 malicious email attachments delivered Locky in Q2 2016 . Once users activated the file attached in the email , their files were encrypted and had to pay Attack.Ransom the distributor a certain ransom Attack.Ransom to decrypt these files . May 2016 , a series of ransomware attacks on the House of Representatives have led US congress to ban using Yahoo Mail and Google hosted-apps , and warned their members about being caution of Internet security . In October , 2016 , 277 ransomware attacks Attack.Ransom were reported to Government Computer Emergency Response Team in Hong Kong , China . Most of the malware were hidden in email attachments and disguised as Attack.Phishing bills or receipts to trick Attack.Phishing users to click . The victims included the Marine Department of Hong Kong and Deloitte , one of the biggest accounting firms in the world . In November 2016 , other than emails , Locky began to transmit through social networks such as Facebook , LinkedIn with images contained malicious application . The file could be automatically downloaded while users were browsing , and installed once users clicked to check . November 2016 , San Francisco public transportation system Muni was hacked and requested for Attack.Ransom a $ 73,000 ransom Attack.Ransom in bitcoin to get back encrypted data . SFMTA ( The San Francisco Municipal Transportation Authority ) refused to pay Attack.Ransom the ransom Attack.Ransom and shut down the fair system . We can see that ransomeware is terrifying and collecting money illegally around the world . However , it ’ s almost impossible to decrypt the infected files by yourself , even for people with high information technology skills .