Ransomware and the Market Forces That Incentivize It
Ransomware is a growing cyber threat that poses significant risks to businesses, economies and societies. While much research focuses on ransomware tool kits, malware samples and vulnerable victim landscapes, less is known about the behavioural factors and market forces that incentivise the rise of ransomware.
Ransomware has become a major driver of cybercrime, enabling attackers to extort money from unwitting victims. It is a “simple” attack that can be executed at scale, using low-cost tools, and offers a high return on investment for attackers.
When ransomware is infected, it encrypts files and displays a message demanding payment to decrypt them. The ransom amount can range from a few thousand dollars to millions. In some attacks, hackers even threaten to post a list of companies that refuse to pay, a practice known as double extortion.
In the past, attackers have focused on industries with lax cybersecurity measures, such as educational institutions and healthcare providers. More recently, critical infrastructure sectors have been targeted. Attacks on power utilities, manufacturers and transportation services are a reminder that ransomware is not just a nuisance for individuals and small businesses, but also can directly impact the safety of our daily lives.
The attacks that took down the Colonial Pipeline and slowed service at the Port of San Diego illustrate how ransomware can inflict widespread disruption, threatening the flow of goods, energy and public services. This kind of indirect victimization can cost companies large sums of money for remediation and lost business. In addition, the emergence of ransomware innovations such as “wipers,” which destroy entire systems, further escalates financial losses. To prevent such an escalation, organizations should review their cybersecurity policies and consider additional countermeasures, such as backing up data, training users to recognize phishing emails and investing in strong anti-virus or anti-malware software. For more information, read the #StopRansomware Guide from the MS-ISAC and the Cybersecurity and Infrastructure Security Agency (CISA).