Cybercrime Money – Where Does It All Go?

By 2025, cybercrime will cost the world $10.5 trillion annually. This figure includes all the money cybercriminals earn when they sell stolen data or otherwise rake in through ransomware attacks.

Can you imagine the amount of money these criminals must be making?

Have you ever wondered what happens to cybercrime payments, either the ransom victims pay cybercriminals or what they’re paid when they sell stolen data on the dark web?

Cybercriminals are not launching cyberattacks for fun or to test their hacking abilities. They want to earn from these attacks. Typically, ransoms are paid in untraceable quantities of Bitcoin. But, there is a tightly-knit money laundering ecosystem out there that deals with hackers and cybercriminals operating on the dark web.  No matter how they earned, it, hackers are going to convert their ill-gotten gains into hard cash.

Let’s take a closer look at how criminals go about spending their nefariously obtained wealth:

The luxuries of life

No, cybercriminals will not be paying taxes on their “income.”

Whatever the reasons for their actions, they are human just like the rest of us and therefore their spending habits imitate everyone else: they pay their bills, buy food, etc. They also invest their money in ways that will help grow their wealth.

But cybercrime is a lucrative business. After they have sorted their basic needs, they will spend it in attaining status, impressing their romantic interests, gambling, and more.

It’s common human behavior, isn’t it? If you’ve got money, you spend it on the “good things” and live your life king-size. Well, at least some of the criminals believe this maxim. This might mean expensive cars, expensive housing, a holiday home in an exotic locale, and more.

But bear in mind that not all cybercriminals make millions of dollars in ransom money or selling data on the dark web. More often than not, the payout is not huge and any amount is divided within the team. Also, cybercriminals can get caught like any other criminal and can end up in jail. The reality of the average cybercriminal isn’t what we’d expect from the movies.

Growing the business

For cybercriminals, especially cybercrime gangs, cyberattacks are a business. One attack is not going to cut it for them. They need to keep coming up with bigger and better attacks. This way, they not only demand heftier ransoms, but also build their reputation as a group that should be taken seriously.

They invest money in tech that enables them to build new and improved hacking techniques that maneuver around the most well-protected networks. They also spend money to add experts to their team – for example, REvil, a cybercrime gang, dangled a $1 million carrot to attract other cybercriminals from an underground hacking forum.

It can all happen through a click

Imagine someone enjoying the high life just because you clicked on a malicious link. One of the common ways advanced malware like ransomware enters a network is through a phishing attack. An unsuspecting user (in the case of a business, an employee) clicks on a link that takes this person to a website that proceeds to drop malware onto their machine. This person might instead share sensitive credentials, not knowing that they’ve become the victim of a phishing attack.

While the attack techniques look simple, they are backed by comprehensive skillsets and a deep knowledge of human behavior. What’s more, cybercriminals erase their digital footprints to ensure law enforcement cannot track a cyberattack to them.

Stopping criminals from hitting paydirt

There are plenty of things you can do to ensure cybercriminals don’t make merry with your money. Here are a few steps you can take:

1. Develop security awareness and gain basic knowledge of the kind of cyber threats out there and how you can fall victim to such attacks. It is important to not live in a silo believing cybercriminals are only targeting organizations. Remember, if you are an employee or a business owner, you are a part of an organization too, and you might be on their radar. And for cybercriminals, no target is too small.
2. Adhere to strong cyber hygiene. Do not visit suspicious websites and make sure you do not divulge sensitive information until and unless you are absolutely sure how this information will be protected, and how will it be used.
3. Be wary of unfamiliar emails coming into your inbox. Not all of them are the real deal, and quite a few will be phishing attempts. Evaluate the origins of the email, reread the messaging, and consider the action items. If you have even the slightest doubt about the veracity of the email, don’t take action. Delete it and move on.
4. Keep an eye out for any performance issues or odd behavior from your PC or Mac. If you think your computer has slowed down for no reason, it might have been hit by a malware attack.

Also, get yourself a strong antivirus solution. Even the best of cyber hygiene and security awareness might not be able to keep all threats at bay. This is where a security solution can be your guardian angel. With Sophos Home, you are using the same award-winning security features that keep Fortune 500 companies safe. Right from malware scanning to comprehensive threat protection that blocks viruses, ransomware and beyond, Sophos Home delivers advanced protection from all kinds of threats.