Image: Luis Alberto Gonzalez (Flickr)

The Underground Market for Ransomware

26th June 2017

More information

Roderic Broadhurst is Professor of Criminology at RegNet. He is Director of the ANU Cybercrime Observatory which was established in 2012. The Observatory is a focal point for research on human factors and cybercrime. He has been researching cyber-security related topics since 2000 when he convened the 1st Asian Cybercrime Summit at the University of Hong Kong in 2001. His research includes studies of lethal violence, victimization, and longitudinal research applying risk analysis to problems of recidivism and dangerous offending. Current research focuses on crime and development, the recidivism of homicide offenders, cybercrime and organized and transnational crime. He has held research and teaching posts at the University of Western Australia, the University of Hong Kong, and Queensland University of Technology. He also served in the Western Australian Prison and Corrections Service (1974-1985) and public health department (1986-1989).

You might also like

The industrialisation of the cybercrime market developed rapidly with the advent of virtual private networks (VPNs) and The Onion Router or “Tor” for short in the mid-2000s. The UNODC’s 2013 Comprehensive Report on Cybercrime flagged the importance of these markets in the spread of monetised hacking tools.

The RAND corporation’s report on the Hacker’s Bizarre in 2014 notes:

“These black markets are growing in size and complexity. The hacker market — once a varied landscape of discrete, ad hoc networks of individuals initially motivated by little more than ego and notoriety — has emerged as a playground of financially driven, highly organized, and sophisticated groups… Black and gray markets for hacking tools, hacking services, and the fruits of hacking are gaining widespread attention as more attacks and attack mechanisms are linked in one way or another to such markets.”

The Australian Cyber Security Centre’s 2015 Threat report highlights the emergence of cybercrime as a service, introducing new business models to cybercriminals, and increasing their spread and sophistication. The FBI’s Cybercrime Division prosecutor, Gavin Corn, observed that networking among criminal groups has been greatly enhanced by the emergence of new encrypted applications:

“Cybercrime wasn’t even a part of organized crime before, and now it’s the epitome of it.”

The evolution of the internet has also seen the rapid take up of encrypted and anonymous technology.

The value of this underground market today is guessed to be in the hundreds of millions. Some vulnerabilities have been reportedly sold for as much US$900,000 recently. Higher prices are paid for the more secure systems such Apple iOS – iphones and so on, but lower fees for older legacy operating systems like Windows XP.

The market operates in an orderly way with testing and evaluation prior to purchase. It’s similar to the carding business in that it seeks to create a stable reliable service encouraging repeated use.

You can read the article in full in The Conversation here.

Updated:  10 August 2017/Responsible Officer:  Director, RegNet/Page Contact:  Director, RegNet