Economics of Ransomware

We study the economics of operating ransomware: from maintaining infrastructure, generating revenue, to getting victims to pay. We recently presented at Black Hat (see slides). See also UCSD's press release.

Collaborators include University of California San Diego, New York University, Chainalysis, and Google.

Research Questions

Our goals: Understand the business model of ransomware; estimate profitabilty; find the chokepoint.


How many ransomware families?
What revenue do they generate?
Over what period of time?


How many paying victims?
How much did they pay?


What infrastructure (e.g. C2 and DNS) did the ransomware operators build?
How stable? What is the churn rate?