Why Ransoms Are Soaring


Attack Severity

When Cryptolocker arrived in 2012, it brought a great deal of fear and panic in its wake. This particularly malicious type of malware affected and encrypted data across the globe with no way to reverse it. While that was certainly a terrifying scenario, little did we know that ransomware encryption would get much worse over the next decade.

When we first came across this new breed of ransomware, the ransoms charged rarely exceeded $100 USD. Fast forward to 2020 and the average ransom being charged is somewhere around $180,000 and rising fast.

With ransoms rising, the severity and impact of attacks have worsened as well. A British insurer stated that nearly half of their cyber insurance claims for the first half of 2020 were ransomware related. Although the majority of criminal money is still made at the expense of the SMB sector (as always), brazen “big game” attacks on giant corporations, government, healthcare, education and transport have never been in the news as much as they have been in recent years, with some U.S. states even declaring a national emergency in response to the crisis.


In the early days, crooks used botnets, email campaigns or exploit kits to target and infect millions across the globe with ransomware. The problem with this approach, from a criminal perspective, was its imprecise and haphazard nature. A million malicious emails might be sent out, but it was tough to know just who you were writing them to and how much money they had. Was the victim rich or poor? Corporate or consumer? Did they have backup or not?

Law enforcement began warning about targeted attacks in 2016 when criminals were casing their victims and tailoring their attacks and ransoms accordingly. If you know your victim is rich, has no backups and is sensitive to disruption, then your ransom demand would be a whole lot bigger. Current specialists, such as the Maze gang, know EXACTLY how much their victims are worth and even boast about it online to put pressure on them to pay.


The level of execution and ruthlessness of ransomware operators has been increasing. While older attacks could be dealt with by wiping a machine or restoring data from backups, modern attacks aim to bring an organisation to its knees. Why encrypt just one machine when you can encrypt thousands? Why encrypt thousands of machines when one critical file server will do? Malicious actors are taking their time to compromise accounts and defences and get as much access to a network as possible. Disabling security, cancelling or wiping backups and encrypting network shares are just some of the methods used to cripple an organisation and of course, elicit bigger ransoms. On top of this, the encryption of data is usually accompanied by the theft of sensitive data as well, the details of which are often published online, giving ransomware gangs a ”double leverage” when demanding a ransom.


Today’s ransomware criminals are incredibly professional. The top gangs work office hours, safe in the knowledge that they won’t face prosecution. They form cartels, affiliate programs and complicated “corporate” alliances with other criminals, and anything they can’t use they fence on the dark web to lower-level criminals who can gain access to critical infrastructure for the price of a cup of coffee.

Cybersecurity lock

Top 10 Cybersecurity Threats in 2021 and How to Protect Your Business

According to a report by Cybersecurity Ventures, global cybercrime costs are expected to grow by 15 percent per year overRead More

Hacker on laptop cybersecurity

Cybersecurity Is a Top Priority – What to Do About It?

Cybersecurity affects the everyday lives of most IT practitioners and IT leaders worldwide, with more than 50 percent of themRead More

Haunted House of IT Contest Winners

Congratulations to the Winners Who Escaped the Dreaded Haunted House of IT

Although the Haunted House of IT had some extremely dangerous threats lurking about, many of our brave visitors were ableRead More

Illustration of man hanging on top of bar graphs

2020 IT Operations Survey Results – Highlights and Key Takeaways

Through our latest 2020 IT Operations Survey Results Reports – Strategic Priorities for IT Leaders and Technical Priorities for ITRead More

2020 IT Operations Survey Results - Highlighs and Key Takeaways - Watch Now
2020 MSP Benchmark Survey Report