Financial and ID Technologies

More than $16 Million Ransomware Payments Have Been Made in the Past 2 Years

23 March 2018

Blockchain transactions were used to correlate reported ransomware attacks. Source: UnsplashBlockchain transactions were used to correlate reported ransomware attacks. Source: UnsplashRansomware attacks, which encrypt and hold a computer user’s files hostage in exchange for payment, comprise one of the fastest growing forms of cyber-attacks today.

Researchers from the NYU Tandon School of Engineering have studied ransomware payments learning that $16 million in ransomware payments have been tracked in the past two years by researchers with South Korea paying about $2.5 million as the country has been hard hit by the impact of ransomware.

Researchers found that most ransomware operators used the Russian bitcoin exchange, BTC-E, to convert bitcoin to fiat currencies. Subsequently, BTC-E has since been seized by the FBI. Researchers estimate that at least 20,000 individuals made ransomware payments over the past two years and more than likely the $16 million number is actually much higher than those reported.

The NYU Tandon researchers were able to track the payments over a two-year period due to the public nature of bitcoin blockchain technology. Bitcoin is the most common currency of ransomware payments because most victims do not own them and the initial bitcoin purchase provides a starting point for tracking payments. Each ransomware victim is often given a unique payment address that directs to a bitcoin wallet where the ransom is collected. Researchers used public reports of ransomware attacks and correlated them with the blockchain transactions.

Furthermore, researchers executed real ransomware binaries in a controlled environment — essentially becoming victims themselves and making micropayments to real ransom wallets in order to follow the bitcoin trail.

"Ransomware operators ultimately direct bitcoin to a central account that they cash out periodically, and by injecting a little bit of our own money into the larger flow we could identify those central accounts, see the other payments flowing in, and begin to understand the number of victims and the amount of money being collected," says Damon McCoy, an assistant professor of computer science and engineering at the NYU Tandon School of Engineering and who led the research.

Researchers will detail their findings at the upcoming IEEE Symposium on Security and Privacy taking place May 21-23.

To contact the author of this article, email

Powered by CR4, the Engineering Community

Discussion – 0 comments

By posting a comment you confirm that you have read and accept our Posting Rules and Terms of Use.
Engineering Newsletter Signup
Get the GlobalSpec
Stay up to date on:
Features the top stories, latest news, charts, insights and more on the end-to-end electronics value chain.
Weekly Newsletter
Get news, research, and analysis
on the Electronics industry in your
inbox every week - for FREE
Sign up for our FREE eNewsletter
Find Free Electronics Datasheets