UPDATED 09:00 EDT / OCTOBER 11 2017


High profits are driving an explosion in the ransomware market

Despite growing awareness of the risks presented to users, ransomware continues to be a highly profitable endeavor for nefarious actors, according to new research that finds the market for ransomware is exploding.

Researchers at endpoint security firm Carbon Black Inc. found that from 2016 to 2017, there has been a staggering 26-fold increase in the sale of ransomware on the dark web, a shady part of the internet reachable with special software, because of a simple economic principle: supply and demand.

“Cybercriminals are increasingly seeing opportunities to enter the market and looking to make a quick buck via one of the many ransomware offerings available via illicit economies,” the researchers noted. “In addition, a basic appeal of ransomware is simple: it’s turnkey. Unlike many other forms of cyberattacks, ransomware can be quickly and brainlessly deployed with a high probability of profit.”

The researchers also estimated that there are now 6,300-plus sites on the dark web selling ransomware via 45,000-plus product listings. Sales for the year to date are estimated to have totaled over $6 million, with ransomware authors able to pull in annual salaries of more than $163,000, double that of legitimate software developers, who pull in an average of $69,000 a year.

Bitcoin, unsurprisingly, gets a mention in the research paper, named as aiding the growth of ransomware. But the researchers noted that, more importantly, the main reasons ransomware is thriving are a lack of fundamental security controls such as backups, testing, restoration, patching and visibility, along with out-of-date prevention strategies.

Those pushing ransomware were found to be increasingly leveraging social media content on sites such as Facebook to spread their code. “Ransomware will increasingly leverage social media to spread either intentionally or unintentionally,” the researchers said. “Similar to malware such as Koobface, maliciously shared content on sites such as Facebook could lead victims to click-enticing links. Intentionally shared ransomware, seen in prior concepts, such as Popcorn Time where victims could share to reduce or eliminate their ransom, could see larger-scale use.”

Going forward, the researchers say that ransomware “will become more targeted by looking for certain file types and targeting specific companies such as legal, healthcare and tax preparers rather than ‘spray-and-pray’ attacks we largely see now.”

Image: Carbon Black
