In a first-of-its-kind study, computer scientists let themselves get attacked with ransomware to figure out how hackers carry out the attacks, whom they target and how much money they ask for.
Cybercriminals use ransomware to encrypt files on a victim's computer or mobile device. If people want their files back, they're told to send a payment to the attacker's digital wallet.
For two years, researchers followed ransom transactions — including some of their own — to see how payments circulated. They found that at least 20,000 individuals made ransomware payments totaling $16 million and that South Koreans were "disproportionately" targeted in those campaigns.
Researchers also noticed that most hackers asked for payments in bitcoin. Once they got the payment, most ransomware operators used a Russian bitcoin exchange to turn that cryptocurrency into real money.
But not all ransomware victims get their data back. One study found while about two-thirds of businesses hit by these attacks paid a ransom, only 1 in 5 actually saw their files returned. And some forms of ransomware delete users' files well before the ransom is paid.