Here are the dark secrets of the 'ransomware' economy

On Tuesday, CNBC released a new expose of the players behind "ransomware" attacks — malicious software that locks down people's most critical data and demands payment in return for de-encrypting it.

The insights come from Marc Bleicher, managing director of cybersecurity company Arete Advisors, which specializes in preventing ransomware attacks.

"It's a corner of the criminal underworld that has seen explosive growth. According to a report by Chainalysis, the total amount paid by ransomware victims increased by 336% in 2020 to reach nearly $370 million worth of cryptocurrency," reported Eamon Javers. "And some big players are scoring huge gains: The report found the digital hostage-takers are dominated by large players who are raking in millions of dollars a year. Just 199 cryptocurrency deposit addresses receive 80 percent of all funds sent by ransomware addresses in 2020, Chainalysis found."

These attacks have targeted everything from small businesses to county governments to even hospitals.

"[One] note featured a countdown clock, laid out a price, and warned: 'If you do not pay on time, the price will be doubled.' In this case, the hackers demanded payments in monero, a particularly hard to trace cryptocurrency favored by the hackers," said the report. "In another real ransom note shared by Arete, the hackers said: 'To unlock files you need to pay 3.8 bitcoin' — that's the equivalent of more than $200,000. 'To confirm our honest intentions, we will unlock two files for free.'"

One of the good pieces of news, the report noted, is that the criminals almost always honor their agreement and return the files if the ransom is paid. But there can be no telling where that money is going to.

"Bleicher said companies can get comfortable with paying off crooks — but they don't want to pay terrorists or run afoul of US or Western sanctions. So the most important thing his company does is check with the U.S. Treasury's Office of Foreign Assets Control to see if the entities they are paying have any connection to known sanctioned organizations," said the report. "The goal is to make sure the victim companies don't accidentally break U.S. or European laws."

You can read more here.