Turns out that the ransomware menace didn't hit its stride until the second half of last year, when monthly payment amounts reached $2 million or more.
The researchers speculate that the rapid rise in ransom payments is just the start.
Criminals have started to sell or rent out their code: Ransomware as a service means anyone can join in and extort others, no programming skills required.
How do the criminals get their hands on the ill-gotten gains then? Ransom payments are usually made in a cryptocurrency like Bitcoin, which is exchanged for real-world money via websites that, like banks, charge transaction fees.
Most of the ransomware payments above were cashed at the BTC-e exchange, which was taken down this month by US law enforcement. BTC-e founder Aleksandr Vinnik, a Russian, was arrested by Greek police and faces extradition to the US where he could get a 55-year prison sentence.
As it happens, there's a local connection: Vinnik used a New Zealand shell company for its domain registrations with a Takapuna address, the US Department of Justice said.
Vinnik's Bitcoin exchange is said to have laundered NZ$5.35 billion since he started the business in 2011, a colossal amount in a relatively short period of time. This compares to another cryptocurrency exchange, the Liberty Reserve, which was closed down in 2013 and which laundered more than NZ$8 billion for criminals.
His arrest might help resolve the theft of $634 million worth of Bitcoin taken in a raid on the Mt Gox exchange in 2014.
Mt Gox collapsed after the theft, and the money stolen was processed by BTC-e, the US DoJ says. The founder of Mt Gox, Mark Karpeles, is looking at five years in prison for embezzlement and fraud and it'll be interesting to see what the connection with BTC-e was.
Even though some cyber fraudsters and criminals are arrested by the cops, the amount of money sloshing around is so large that others will quickly fill the gaps. Ransomware in particular is a relatively low-risk crime presently, as it's easy for perpetrators to hide themselves, and the campaigns themselves are hit-and-run and not continuing operations.
Authorities, developers and security vendors have woken up to the situation. It's good to see resources like the No More Ransom site that's run by Europol and the Dutch police, with the help of security vendors Kaspersky and McAfee.
No More Ransom offers advice and assistance to ransomware victims, and provides decryptors for scrambled files.
The last bit is important: apart from tracking the criminals and bringing them in, the only thing that'll halt the rapid spread of ransomware is if people don't pay. Heed that advice, and spend the money on backups and updated software instead.
Because even if you do stump up a large amount of Bitcoin to rescue your encrypted data, there's no guarantee you'll get your files back. If you pay the criminals, though, you are guaranteed to be part of the ransomware problem rather than the solution.