Ransomware As A Service Grows While Victims Mostly Pay Up

Ransom is what crime victims pay when criminals take hold of something of value and refuse to release it without receiving something of value. Kidnapping is the crime most closely associated with ransom demands.

But the high-tech world and internet connectivity now make it possible for someone to “kidnap” your digital information and hold it for ransom. The criminals are so thorough that many will review vulnerable financial documents to determine who has access to significant amounts of money.

If the victim claims there is no money available, the cyber thieves post copies of pilfered financial documents as proof that the victim can pay. Ultimately, most of the victims of ransomware attacks wind up paying a ransom to get their computers and systems unlocked.

Rising Rates of Ransomware Attacks

If you’ve asked yourself, “What is ransomware?”, the short explanation is that it is a way to hold someone’s computer system hostage. Hackers infiltrate the system and lock it down so that its owners and clients cannot access it. They regain access only by paying the ransom demand.

The world of ransomware piracy is getting bigger and making computers everywhere more vulnerable to attacks. A recent report by the CyberEdge Group says that about two-thirds of all ransomware victims pay the ransom to restore access to their computers and computer systems.

CyberEdge surveyed 1,200 security professionals regarding their respective handling of ransomware attacks. The survey shows that 63 percent responded to ransomware attacks by paying a ransom. The ransoms often are paid due to concerns regarding:

  • Potential exposure of stolen data.
  • Greater potential to recover lost data.
  • Cost of data recovery.

The ransom sums can be very high but also vary greatly. The cyber thieves try to demand ransom amounts that are payable and encourage cooperation instead of stubborn refusal. With nearly two-thirds of all ransoms paid, the cybercriminals are emboldened to expand their operations.

CyberEdge says that about 55 percent of organizations suffered ransomware attacks in 2017. The percentage grew to 71 percent of organizations in 2021. And with high success rates for the criminals, Ransomware as a Service (RaaS) is growing in popularity among cybercriminals.

How the RaaS Business Model Works

The RaaS business model has become very sophisticated. It starts with computer programmers, hackers, and software creators working on new ways to spread their ransomware. Studies show that Russia is the nation where most of the RaaS organizations are located. Activity spiked just prior to the recent Russian invasion of Ukraine.

The cyber thieves work in teams that include negotiators who act as intermediaries with the ransomware victims. After a ransomware attack takes hold, the negotiators are the ones who handle the actual ransom transaction. The negotiators are there to facilitate the payment of significant amounts of money.

The negotiators also enable the intended victims to obtain a resolution without having to go through the higher expense of rebuilding the lost data. After all, that would defeat the entire purpose of sending the ransomware. It also would remove the profit incentive for the criminals.

So the negotiators enable the victims to recover their data for significantly less than it would cost to lose the data and start from scratch. And the negotiators enable the RaaS groups to profit from their criminal activities.

The 2022 Unit 42 Ransomware Report says the average ransom payment in 2021 was $541,000. The victims usually are located in the United States, and the criminals initially demanded an average of $2.2 million in ransom. So the negotiators are enabling the RaaS criminal organizations to collect about a fourth of what they are demanding from their ransomware victims.

The average demand amount is rising swiftly. In 2020, Unit 42 reported the average demand was about $906,000, and the average payment was more than $303,000. So the average demand more than doubled while the average payment to recover data rose by about 75 percent in one year.

How Does Ransomware Infect Your Computer System?

Ransomware attacks start with the infection of your computer or network. Malware generally is the cyber tool used to defeat security barriers and take hold of your system. The ransomware tools enable hackers to obtain passwords and bypass security firewalls. And the malware usually is downloaded unknowingly by someone using a protected computer or network.

Malware can be beaten with the latest security software programs, but the RaaS groups continually work to defeat them. So the security systems must continually evolve to thwart the growing threat of ransomware attacks.

When the struggle is ongoing, the security specialists will have the upper hand at times, but so will the ransomware creators at other times. Due diligence is the best way to thwart the problem.

About the author


Steven Ly

Steven Ly is the Startup Program and Events Manager at TheNextHint Inc. She recruits rockstar startups for all TC events including Disrupt, meetups, Sessions, and more both domestically and internationally. Previously, she helped produce Dreamforce with Salesforce and Next '17 with Google. Prior to that, she was on the advertising teams at both Facebook and AdRoll, helping support advertisers in North America and helped grow those brands globally. Outside of work, Priya enjoys Flywheel, tacos, the 49ers, and adventuring around the globe.
