Why Ransoms Are Soaring


Attack Severity

When Cryptolocker arrived in 2012, it brought a great deal of fear and panic in its wake. This particularly malicious type of malware affected and encrypted data across the globe with no way to reverse it. While that was certainly a terrifying scenario, little did we know that ransomware encryption would get much worse over the next decade.

When we first came across this new breed of ransomware, the ransoms charged rarely exceeded $100 USD. Fast forward to 2020 and the average ransom being charged is somewhere around $180,000 and rising fast.

With ransoms rising, the severity and impact of attacks have worsened as well. A British insurer stated that nearly half of their cyber insurance claims for the first half of 2020 were ransomware related. Although the majority of criminal money is still made at the expense of the SMB sector (as always), brazen “big game” attacks on giant corporations, government, healthcare, education and transport have never been in the news as much as they have been in recent years, with some U.S. states even declaring a national emergency in response to the crisis.


In the early days, crooks used botnets, email campaigns or exploit kits to target and infect millions across the globe with ransomware. The problem with this approach, from a criminal perspective, was its imprecise and haphazard nature. A million malicious emails might be sent out, but it was tough to know just who you were writing them to and how much money they had. Was the victim rich or poor? Corporate or consumer? Did they have backup or not?

Law enforcement began warning about targeted attacks in 2016 when criminals were casing their victims and tailoring their attacks and ransoms accordingly. If you know your victim is rich, has no backups and is sensitive to disruption, then your ransom demand would be a whole lot bigger. Current specialists, such as the Maze gang, know EXACTLY how much their victims are worth and even boast about it online to put pressure on them to pay.


The level of execution and ruthlessness of ransomware operators has been increasing. While older attacks could be dealt with by wiping a machine or restoring data from backups, modern attacks aim to bring an organisation to its knees. Why encrypt just one machine when you can encrypt thousands? Why encrypt thousands of machines when one critical file server will do? Malicious actors are taking their time to compromise accounts and defences and get as much access to a network as possible. Disabling security, cancelling or wiping backups and encrypting network shares are just some of the methods used to cripple an organisation and of course, elicit bigger ransoms. On top of this, the encryption of data is usually accompanied by the theft of sensitive data as well, the details of which are often published online, giving ransomware gangs a ”double leverage” when demanding a ransom.


Today’s ransomware criminals are incredibly professional. The top gangs work office hours, safe in the knowledge that they won’t face prosecution. They form cartels, affiliate programs and complicated “corporate” alliances with other criminals, and anything they can’t use they fence on the dark web to lower-level criminals who can gain access to critical infrastructure for the price of a cup of coffee.

Illustration of man hanging on top of bar graphs

2020 IT Operations Survey Results – Highlights and Key Takeaways

Through our latest 2020 IT Operations Survey Results Reports – Strategic Priorities for IT Leaders and Technical Priorities for ITRead More

IT Security

IT Security: Profitability in a Service No One Wants to Use

No one likes paying for things they hope they will never use. Whether it’s car insurance or fire alarms orRead More

Wooden block that says Business Continuity

What is BCDR? Business Continuity and Disaster Recovery Explained

With organizations going through digital transformations and more employees working remotely, cybersecurity is a top priority for almost all ITRead More

Finger print scanning mobile app

Two-Factor Authentication (2FA): A Must-Have For Your Business Security Strategy

Today, security breaches and ransomware attacks are more prevalent than ever. With more professionals working remotely, organizations have increased securityRead More

2020 IT Operations Survey Results - Highlighs and Key Takeaways - Watch Now
2020 MSP Benchmark Survey Report