The CryptoWall ransomware has generated around $325 million in revenue for the malicious actors behind it, according to a research published by the Cyber Threat Alliance (CTA).

The CTA, co-founded by Palo Alto Networks, Fortinet, Intel Security and Symantec, has conducted a study into the real-world impact of the malware.

Ransomware is malware that encrypts a victims’ data so that a cybercriminal can hold it for ransom. When the victims pay, usually through an electronic currency like bitcoin, they receive a key from the cybercriminal to unlock their data. If the victims don’t pay and haven’t backed up their data, it can be lost permanently.

The $325 million in revenue that went to the attackers included ransoms paid by victims to decrypt and access their files. The study found 406,887 attempted CryptoWall infections, 4,046 malware samples, and 839 command and control URLs for servers used by cybercriminals to send commands and receive data.

The hundreds of millions in damages spans hundreds of thousands of victims across the globe. North America was a particular target for most campaigns.

“The explosion of connected devices and our reliance on digital platforms has created an environment that is both empowering and creating new ways for adversaries to penetrate networks. Managing this risk is a shared responsibility. We need to step forward, and not wait for the adversary to make the move first,” said Derek Manky, global security strategist, Fortinet.

“Our first major target is ransomware threats like CryptoWall, which are growing at an alarming rate and holding critical business and consumer data hostage. By harnessing the power of the industry and sharing data from our vast threat intelligence networks to fight campaigns of this scale, we can make a larger impact on the threat landscape than if we pursue them individually,” added Joe Chen, vice president of engineering, Symantec.