Markets
Share this article

Report: CryptoWall Creators Earned $325 Million in Bitcoin Ransoms

A new report looks at the CryptoWall ransomware and its components in an attempt to analyze its success.

By Stan Higgins
Updated Sep 11, 2021, 11:58 a.m. Published Oct 30, 2015, 9:00 p.m.
MalwarePhoto

A cyber-security industry group has published new research on the CryptoWall ransomware campaign, finding that the attacks have generated more than $300m in ransom income and stem from a single source or entity.

The report was published earlier this week by the Cyber Threat Alliance, founded by Intel Security, Symantec, Palo Alto Networks and Fortinet. Major takeaways from the organization’s research include evidence of as much as $325m worth of ransomware victim payments and more than 400,000 attempts to infect computers with the third variant of CryptoWall (CW3), many of which appear to have focused on targets in North America.

STORY CONTINUES BELOW
Don't miss another story.Subscribe to the Crypto Daybook Americas Newsletter today. See all newsletters
By signing up, you will receive emails about CoinDesk products and you agree to our terms of use and privacy policy.

Backing the idea that the ransomware is sourced to a single entity is evidence found in both the code as well as the web of bitcoin payments trackable on the public blockchain. The report notes that Armenia, Belarus, Iran, Kazakhstan, Russia, Serbia and Ukraine are blacklisted, meaning the malware won’t operate in those regions and suggesting possible points of origin.

The report’s authors add that an analysis of bitcoin transactions tied to known ransom campaigns points to the common use of bitcoin wallets across those campaigns, stating:

"As a result of examining this financial network, it was discovered that a number of primary wallets were shared between campaigns, further supporting the notion that all of the campaigns, regardless of the campaign ID, are being operated by the same entity."

The bitcoins accrued – known ransom demands range from the hundreds to thousands of dollars, according to the report – are then washed through multiple addresses and known bitcoin services, though none are named directly in the report. Some of the funds are essentially reinvested in new exploit kits or rent payments for botnets.

Revenue-wise, the report’s authors note that, for its backers, CryptoWall "is extremely successful and continues to provide significant income".

"One variant alone involved with the 'crypt100' campaign identifier resulted in over 15,000 victims across the globe," the report states. "These 15,000 victims alone would account for, at minimum, roughly $5m in profit for the CW3 group."

Read the full report below:

CryptoWall Report

Image via Shutterstock

CrimeRansomwareNewsCryptowall

More For You

KuCoin Hits Record Market Share as 2025 Volumes Outpace Crypto Market

By CoinDesk Research
Dec 22, 2025
logo
Commissioned byKuCoin
16:9 Image

KuCoin captured a record share of centralised exchange volume in 2025, with more than $1.25tn traded as its volumes grew faster than the wider crypto market.

What to know:

  • KuCoin recorded over $1.25 trillion in total trading volume in 2025, equivalent to an average of roughly $114 billion per month, marking its strongest year on record.
  • This performance translated into an all-time high share of centralised exchange volume, as KuCoin’s activity expanded faster than aggregate CEX volumes, which slowed during periods of lower market volatility.
  • Spot and derivatives volumes were evenly split, each exceeding $500 billion for the year, signalling broad-based usage rather than reliance on a single product line.
  • Altcoins accounted for the majority of trading activity, reinforcing KuCoin’s role as a primary liquidity venue beyond BTC and ETH at a time when majors saw more muted turnover.
  • Even as overall crypto volumes softened mid-year, KuCoin maintained elevated baseline activity, indicating structurally higher user engagement rather than short-lived volume spikes.
View Full Report

More For You

XRP drops 4% as traders watch whether $1.88 support holds

By Shaurya Malwa, CD Analytics
1 hour ago
trader (Pixabay)

Price stabilizes near recent lows after a volatile pullback from above $2.

What to know:

  • XRP slipped nearly 4% as bitcoin fell below $88,000, with price action driven more by market structure and positioning than by changes to Ripple’s fundamentals.
  • Spot XRP ETFs saw about $40.6 million in weekly outflows, suggesting institutional profit-taking and rotation rather than a loss of confidence in the asset.
  • XRP remains range-bound in a tight consolidation between support around $1.88 and resistance near $1.93–$1.95, with fading volume pointing to a larger move once the current stalemate resolves.
Read full story