Ransomware operations have transformed dramatically over the last few years from a small cottage industry conducting largely nuisance attacks to a highly complex business model that is extremely efficient and specialized with an increasing level of innovation and technical sophistication.
Research by Cybersecurity Ventures estimated a ransomware attack occurs about every 11 seconds. That translates to about 3 million ransomware attacks over a year.
In 2021, the average ransom payment was $570,000, a 518% increase from 2020. For perspective, this average is relatively low compared to recent ransom demands that have hit as high as $50 million dollars or more.
Several factors have contributed to the maturation of ransomware operations, resulting in a significant surge in ransomware attacks with record-breaking ransom payouts.
Ransomware purveyors are moving away from high-volume attacks with low ransom demands in favor of more focused, custom attacks aimed at individual organizations selected for the ability to pay multi-million dollar ransom demands.
These more complex ransomware operations, or RansomOpsTM involve highly targeted, complex attack sequences by sophisticated threat actors.
The burgeoning Ransomware-as-a-Service (RaaS) industry has also lowered the technical bar for many would-be attackers by making complex attack infrastructure available to low-skilled threat actors.
Ransomware is an extremely lucrative business model with little-to-no risk involved for the threat actors. Couple this with the willingness of most victim organizations to pay the ransom demand swiftly under the assumption it will return business operations to normal, and we have a big problem with no easy remedies.
This has created a gold rush in the cybercrime world, spawning an ecosystem of technologies and services that support these illicit operations, creating a larger Ransomware Economy that flourishes much like any legitimate emerging market sector.
This white paper examines the growing threat from complex RansomOps, as well as the larger Ransomware Economy, and provides prescriptive guidance for organizations determined to remain undefeated by ransomware attacks.