Ransomware has become a plague on businesses of every size. An estimated 61% of organizations worldwide experienced a damaging ransomware incident in 2020, a 20% increase over 2019. A successful ransomware attack is almost always an expensive, disruptive disaster, and ransomware cyber insurance claims grew by 260% in 2020. This flood of ransomware has led to a wave of questions from businesses about how to stay safe and what to do if they are hit, including whether they should pay the ransom.
The surge in cybercrime has also produced a thriving dark web economy for stolen data, and where there is demand there will be cybercriminals ready to supply eager buyers. Ransomware is one of the most common ways they obtain that data, since many ransomware crews now steal data before encrypting it. An organization that falls prey to ransomware doesn't just lose access to its data. Victims also lose an average of six working days to system downtime, with 37% reporting downtime of one week or more after the incident. Add the exorbitant costs of investigation, remediation, and recovery, and it is no wonder that 60% of companies hit by a cyberattack are reported to go out of business.
One solution that cybercriminals eagerly present to the businesses they have attacked is to pay the ransom, and an estimated 52% of organizations choose to negotiate with the extortionists or simply pay what is demanded. Paying isn't cheap: the average ransomware payment in the third quarter of 2020 was $233,817, up 31% from the second quarter of 2020. Some ransomware operations demand more than one payment. In double extortion ransomware, the current weapon of choice, the attackers both encrypt systems and steal data, so the victim is pressed to pay once for a decryption key and again to keep the stolen data from being published. Triple extortion adds a third lever, such as DDoS attacks against the victim or ransom demands sent directly to the victim's customers and partners whose data was taken.
If a company doesn't pay, the cybercriminals can still profit by selling or leaking the data they stole. If a company does pay, the money does not go to one person or organization; it is split among everyone who took part, and even an ancillary participant in a ransomware attack gets a cut. Major gangs often operate on a ransomware-as-a-service model, so the actual attacker is very likely an affiliate, an independent contractor of sorts. The affiliate runs the operation from planning to execution, gaining access to the victim, deploying the ransomware, and handling the negotiation, while the core gang supplies the malware along with the payment and leak-site infrastructure and takes a percentage of each ransom. The affiliate may be a smaller gang or just a group of freelancers who come together for one job. The boss gang may supply the tooling, or the affiliate may bring its own. Frequently, attackers hire specialists through dark web forums, buy footholds from initial access brokers, and gather stolen credentials and other resources from dark web data markets and dumps.