Ransomware attacks have been a lucrative business model for criminals, with large payouts.
The average ransom payment is almost a quarter-million dollars, according to a 2021 IDC survey which found that one-third of organizations around the world were ransomware victims over the previous year.
Ransomware is a malware program that encrypts files on computer systems, making them unusable. Attackers typically threaten either to permanently lock down the compromised systems or to release sensitive data if a ransom is not paid.
• An increased attack surface, lack of security awareness, and poor cyber hygiene make many organizations an easy target.
• Improved encryption and the popularity of untraceable cryptocurrencies facilitate the execution of ransomware.
• Ransomware gangs often operate as organized crime, targeting certain countries or sectors.
• Ransomware-as-a-service (RaaS) models also help to propagate this type of attack.
The U.S. government considers ransomware a growing national security threat and has launched a series of initiatives to combat ransomware attacks, including the StopRansomware.gov website which provides education about how to prevent and mitigate ransomware attacks.
According to Gartner, “The percentage of nation-states passing legislation to regulate ransomware payments, fines, and negotiations will rise to 30 percent by the end of 2025, compared to less than one percent in 2021.” In the U.S., government organizations such as the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) advise victims to report the incidents to law enforcement and not pay ransoms. Still, there were large payouts in 2021. For example:
High-profile cases make the headlines, but cyberattacks on small businesses account for about 75% of all ransomware incidents, according to the U.S. Department of Justice (DOJ).
By 2031, ransomware costs will reach $265 billion annually. But the financial damage of ransomware is only part of the picture; it can also cause reputational and operational damage, including:
No organization is immune to cyberattacks, but every organization can take steps to strengthen its defenses and minimize the risks, including: