It was reported in November that one of the world’s largest botnets sent out somewhere in the region of 12.5 million spam emails. If you don’t know what a botnet is, it’s a collection of internet-connected devices that are infected with, and controlled by, malware.
To most people it may appear fairly obvious that the email is spam, and the vast majority of people will just delete it.
So why do we still get these emails?
We still receive them simply because, even if only a small percentage of people act on them, the criminals still make a lot of money.
In the example above, imagine that only 0.5% of the emails sent are opened. That would be 625,000 emails opened. Even at that, not everyone who opens the email will download the malicious attachment, which contained ransomware. So let’s imagine that only 1% of those 625,000 people click the attachment.
Suddenly, 6,250 computers are infected with ransomware.
According to security firm Symantec, the average ransom demand is around $1000 (around £750), and Norton report that 34% of people who are hit with ransomware will pay the demand. Both those figures seem a little on the high side to me, so let’s say in this instance the ransom is only £500 and that only 10% of the victims will pay. That works out at 625 people paying a ransom of £500, a total of £312,500 for sending 12.5 million emails. So for a click rate of 0.005%, the attackers can still make vast amounts of money.
P.S. Before you are tempted to turn to the dark side and try this, just remember that when you get caught a lengthy prison sentence awaits you!
If you are concerned about your staff falling victim to spam or phishing emails, please email [email protected] for more information.
Written on 10 January 2018