How Cyber Criminals Monetize Ransomware Data

by | Sep 18, 2023 | Ransomware

How do hackers make money? What do cybercriminals do with stolen information after a successful ransomware attack? These are increasingly common concerns today as rates of cyberattack reports continue to rise. Hackers launch these attacks to profit off their victims, although their methods for accomplishing this can vary. 

How Hackers Make Money on the Dark Web

The most common way hackers monetize ransomware data is by selling stolen information on the dark web. The dark web is a dispersed collection of anonymized websites where people can conduct various activities privately and without tracking. Sometimes, these activities are harmless, but they frequently involve illegal transactions.

The dark web serves as a marketplace for anyone buying, selling or trading goods that would get them in legal trouble anywhere else. So, if you’re wondering how hackers make money, the dark web usually has something to do with it.

An example of this is a 2022 cyberattack that hit several large tech companies including Apple, Meta and Discord. The hackers abused a legitimate system known as an emergency data request by using stolen government email accounts purchased on the dark web.

Services like this are openly advertised among hackers. If they steal a large set of login credentials, they can sell them online. Hackers also sell any valuable personal information they can find, especially financial information such as credit card numbers.

Black Mail and Extortion Using Ransomware

What do cybercriminals do with stolen information right after completing a ransomware attack? Usually, they start by trying to force their victim into paying a ransom to get the data back. This could be black mail or extortion and involve a variety of tactics depending on the scale of the attack.

For example, a hacker might launch a ransomware attack on a large corporation, stealing and encrypting thousands of files. The attack will conclude with demands for the company to pay a ransom, usually in cryptocurrency, or else the hacker will release, delete or sell the stolen data. Either way, the hacker makes a profit, unless they choose to leave the data encrypted or simply delete it.

The threat of extortion is part of why the United States SEC is establishing new regulations requiring companies to report cyber incidents, including ransomware attacks. By disclosing cyberattacks to the government, federal agencies can step in to help resolve the issue and save as much data as possible. They also help companies improve their security to prevent such situations.

Attacks on Individuals

Ransomware attacks on individual people tend to work a bit differently. Hackers occasionally personally target specific people, but they mostly leave phishing traps around the internet and wait for an unsuspecting user to fall for the trick. Once they do, the hacker’s ransomware infects their computer.

At that point, the ransomware will often encrypt large swaths of the user’s data and trigger a message to appear with the hacker’s ransom. It will include a demand for a certain amount of money in exchange for the data to be decrypted. As with businesses, the hacker in this case is hoping to make money by extorting their victim.

In some cases, the hacker might also use blackmail. This is where the question of how hackers make money gets especially unnerving. If a hacker finds potentially sensitive data, they may use it to blackmail their victim into giving away a certain amount of money. This type of attack is less common but much more personal.

Other Ways Hackers Use Stolen Data

What do cybercriminals do with stolen information if they don’t sell it or extort their victim? There are a few possibilities. In many cases, the hacker simply uses the stolen information. They monetize it by using it to buy things, remove money from bank accounts or open new financial accounts with a stolen identity. 

Nation-state hackers also use stolen information differently. These hackers work for international governments and usually aim to steal information, cause fear or disrupt activity in an opposing nation. They also target private sector organizations and individuals, not just government agencies.

When a nation-state hacker steals data, they monetize it by simply handing it over to whichever government is sponsoring them. Ransomware is a common attack method among nation state hackers, so they may also attempt to extort their victims in addition to receiving payment from government personnel.

What Do Cybercriminals Do With Stolen Information? 

How do hackers make money? Ultimately, it depends on the type of hacker. Individual hackers most likely use stolen data themselves or monetize it by selling it on the dark web. More skilled hackers or hacking groups are more likely to target businesses and use extortion and blackmail to get money from them.

These risks are definitely concerning, but users and businesses alike can take action to defend themselves. Automated security testing tools like RidgeBot can significantly improve security by highlighting vulnerabilities hackers might use to steal data. This information allows users and businesses to strengthen their security and eliminate weak spots, preventing successful ransomware attacks.

About Author

Zachary Amos is the Features Editor at ReHack, where he covers cybersecurity, artificial intelligence, and other trending tech topics. For more of his work, follow him on Twitter or LinkedIn.