According to Dell SecureWorks Counter Threat Unit (CTU) security researcher Keith Jarvis, the CryptoLocker ransomware that has been written about so much of late has infected as many as 250,000 computers during the first 100 days of distribution (starting on the 5th of September, 2013). What's more, Jarvis estimates, based upon independent research, that owners of at least 0.4% of the infected machines will have paid the ransom demanded in order to unlock their data. Some pretty simple maths says that the $300 ransom multiplied by 1000 users equals a net haul of $300,000. Right? Well, maybe not.

Although it does seem likely that CryptoLocker remains the work of a single criminal gang, and security experts suggest it is operating out of either the Russian Federation or former Eastern Bloc states, the total ransom generated so far is open to some doubt. I'm not doubting that the infection rate is correct, and Jarvis himself admits that the 0.4% number of folk coughing up the cash is very much a minimum figure and likely to be much higher in reality, but I do think that even so the total profit is going to be much, much greater. Why so? Well, I would imagine that you can up the number of people paying for a decryption key from that very low 0.4% to at least 1%, which in itself still seems on the low side for such a well co-ordinated and executed attack as this. But hey, let's side with caution and say it is 1%; that immediately turns $300,000 into $750,000, or it would if we were talking about cash here.

Ah, yes, now this is where the numbers start to really get interesting because the CryptoLocker ransom isn't being paid in cash but rather in bitcoins. The thing about Bitcoin as a virtual currency is that it virtually knows no bounds as far as exchange rate volatility is concerned. Indeed, initially the bad guys were asking for a 2 bitcoin ransom, which at the time worked out to about $300. Then Bitcoin went through the roof (more than $800 for one bitcoin), and the gang realised people were much less likely to cough up $1,500 or thereabouts to release their data. So the ransom dropped to 0.5 bitcoin instead, which at today's rates would be about $375.

The point being that if the gang got a bunch of people paying at the original 2 bitcoin rate, and let's say proportionately more paying at the 0.5 bitcoin rate, that's still a lot of coin! I would further assume, given how technically advanced CryptoLocker is as a piece of ransomware, that this gang are not technically inept and understand the mysteries of the Bitcoin markets. In which case I doubt they were cashing in immediately, making their haul of bitcoins worth a lot more than the original guesstimate of $300,000 and even that revised $750,000 figure would suggest.

If these guys have not made more than a million dollars out of CryptoLocker then you can call me Jan. However, seeing as I am not a Dutchman's Uncle, I will stick my neck out and say that I imagine the CryptoLocker gang have already cashed in at least half a million and are watching the Bitcoin market for the right time to cash out the remainder of their haul. At which point, they will probably have made in excess of $1.5m in my never humble opinion.

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.
