Symantec: Cybercriminals make £3m from ransomware
Research finds that criminal gangs are increasingly using malware to blackmail users.


Criminals are making 3 million a year from holding people's computers to ransom, according to a new study.
Research from IT security company Symantec revealed that 2.8 per cent of victims pay up to 280 to unlock computers infected with malware that locks screens and prevents them from accessing their PCs.
Cybercriminals often use social engineering tricks, such as displaying fake messages purporting to be from local police authorities, to convince victims to pay up. Such messages often include warnings such as, "you have browsed illicit materials and must pay a fine."
The research found that one gang was observed attempting to infect 495,000 computers over the course of just 18 days. The first instances of this type of cyber-attack were observed in 2009, and - until recently - it was largely limited to Russia and Eastern Europe.
"It has increasingly become a popular ploy among numerous international online criminal gangs, spreading the threat to Western Europe, the United States and Canada over the past year," said the company.
Symantec said ransomware will surpass fake anti-virus software as the leading cybercrime strategy in the coming year. It said there are other signs that ransomware is becoming increasingly professional.
Several different ransomware families, sold to what appear to be separate gangs, have all been tracked back to a single individual.
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
"That individual, who we have been unable to identify, is seemingly working full-time on programming ransomware on request" said the company.
"This dedicated development of multiple different versions of the same type of malware is reminiscent of how fake antivirus was developed."
The company also predicted that as users shift to mobile and cloud so will attackers to exploit Secure Sockets Layer (SSL) Certificates used by mobile devices and applications.
Earlier this week IT Pro reported that security researchers have identified a new malware strand that steals image files from computers and sends them to a remote server.
Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.
-
UK enterprises regret going all-in on public cloud
News Data sovereignty, rising costs, and governance issues mean many IT decision-makers regret having made the move
-
Trend Micro and Google Cloud double down on AI security with expanded partnership
News The agreement targets improved proactive security across cloud environments, alongside enhanced scam defense capabilities
-
Hackers breached a 158 year old company by guessing an employee password – experts say it’s a ‘pertinent reminder’ of the devastating impact of cyber crime
News A Panorama documentary exposed hackers' techniques and talked to the teams trying to tackle them
-
The ransomware boom shows no signs of letting up – and these groups are causing the most chaos
News Thousands of ransomware cases have already been posted on the dark web this year
-
Everything we know about the Ingram Micro cyber attack so far
News A cyber attack on Ingram Micro severely disrupted operations and has been claimed by the SafePay ransomware group.
-
A prolific ransomware group says it’s shutting down and giving out free decryption keys to victims – but cyber experts warn it's not exactly a 'gesture of goodwill'
News The Hunters International ransomware group is rebranding and switching tactics
-
Swiss government data published following supply chain attack – here’s what we know about the culprits
News Radix, a non-profit organization in the health promotion sector, supplies a number of federal offices, whose data has apparently been accessed.
-
Ransomware victims are getting better at haggling with hackers
News While nearly half of companies paid a ransom to get their data back last year, victims are taking an increasingly hard line with hackers to strike fair deals.
-
LockBit data dump reveals a treasure trove of intel on the notorious hacker group
News An analysis of May's SQL database dump shows how much LockBit was really making
-
‘I take pleasure in thinking I can rid society of at least some of them’: A cyber vigilante is dumping information on notorious ransomware criminals – and security experts say police will be keeping close tabs
News An anonymous whistleblower has released large amounts of data allegedly linked to the ransomware gangs