Where Do All Those Ransomware Payments Go?
With ransomware attacks seemingly an everyday occurrence and the illegal industry suspected of pulling in $350 million, a common question is: where does all that money go?
When a ransomware victim makes a payment, it is more than likely going to be in the form of a cryptocurrency like Bitcoin or, more recently, Monero.
Cryptocurrency is the payment method of choice for cyber criminals because of how anonymous it is and how hard it can be to track.
Once the payment is sent to the attacker's wallet, it is shuffled around to various other wallets before eventually making its way to the attackers’ pockets.
But once the attackers have the money, what do they do with it?
A common business saying is “Gotta spend money to make money,” and this holds true for the ransomware business as well.
Ransomware gangs will spend cryptocurrency buying 0day, or zero-day, exploits from dark web markets to be used in future attacks.
0day exploits are pieces of code that take advantage of an unknown vulnerability to give the attacker access to a system or information.
0day exploits are especially dangerous because, since the vulnerability is unknown, there are no protections against it, making it an almost guaranteed way for attackers to gain access.
These exploits range from those that gain initial access to a system or network to those that leverage existing access to move further throughout a network or escalate the privileges of a compromised account.
As well as putting money back into the business, ransomware gang members will often enjoy a life of luxury, as seen in police raids of ransomware gang members.
In this video of a Ukrainian Police raid against members of a ransomware group known as CL0P, it can be seen that some of the members spent some of their profits on luxury cars, electronics and other high-end accessories.