Google: Ransomware victims paid $25 million to hackers

Locky and Cerber attacks yielded about $7 million each as victims paid to regain access to their data.
By Jessica Davis
09:55 AM

Victims of ransomware attacks have paid hackers more than $25 million to get back their data over the past two years, according to researchers from Google, Chainalysis, the University of California at San Diego and the NYU Tandon School of Engineering.

The study was presented at a Wednesday security conference, The Verge reported.

Researchers used the blockchain to follow payments and compared data to map out the ransomware environment. To gather this data, the team tracked 34 ransomware families.

A few major variants garnered the majority of payments. Locky was the most profitable with $7 million in payments. Cerber was close behind with $6.9 million in profits, while CryptXXX landed $1.9 million.

These numbers reflect payments made, but researchers couldn’t verify how much the original ransomware authors made from these attacks.

Part of Locky’s success was due to the way the operation was structured. It was the first actor to separate the payment and encryption process from the groups that distribute the malware, which extended the malware's reach. Other malware actors soon adopted this technique.

Researchers also found that ransomware authors are growing more sophisticated and are improving their antivirus evasion. The latest variants can change their identifying binary code if detected. For example, the researchers found thousands of new Cerber binaries each month.

Ransomware is continuing to be problematic for the healthcare sector. Just this week, Women’s Health Care Group of Pennsylvania reported a months-long ransomware attack that may have breached the records of 300,000 patients. And while investigating a ransomware attack, Atlanta-based Peachtree Neurological Clinic found another 15-month breach.

The FBI and the U.S. Department of Health and Human Services have repeatedly alerted all organizations not to pay the ransom. There’s no guarantee an organization will regain access to its files -- as seen with the May 2016 attack on Kansas Heart Hospital.

Further, paying the hackers just feeds the black market system.

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com

