First emerging in late 2015, the group believed to be responsible for the SamSam ransomware family has targeted small and large businesses, healthcare, governments and education.
Over time, the ransom prices set by this group have changed somewhat, but they've remained generally affordable, which is why many victims have paid. To date, the group has made nearly $850,000 USD.
This somewhat shocking figure is based on the current value of Bitcoin (BTC), which was $8,620.22 at the time this story was written. However, because the market is constantly changing, the actual value of the ransoms paid will go up or down, as the final value is determined by the rate at cash-out.
Also, this figure is based on the previously known SamSam wallet (used during the Allscripts attack in January) and the wallet used in their most recent attack against the City of Atlanta.
Still, the fact that the group behind SamSam has collected any ransom at all, let alone 98.5 BTC, tells an interesting story about the balance between security and business.
When victims of ransomware pay the ransom, most people assume it's because they didn't have proper backups, or the backups themselves were either outdated or corrupt. You'll see pundits mention this in the media or on stage at security conferences year-round.
Thing is, what most pundits aren't talking about – a dirty secret for some in the security industry – is that sometimes it's cheaper and quicker to pay during a ransomware attack.