.png){kind=small}
Ransomware: An Ounce of Prevention is Worth A Pound of Cure
- Core Insights Advisory Services
- Feb 5, 2021
- 3 min read
Updated: Nov 15, 2022
From the Q3 2019 to Q3 2020, the average ransom payment increased by 500%, from $50,000 to nearly $250,000.
The Good news- the average payout did decrease by $100k in Q4 last year. The bad news- Most analysts agree this is due to the exit of the highly successful Maze cybercrime syndicate. The Ugly news? Fresh gangs have arrived on scene. And they come bearing gifts- continued and more effective pairing of crypto-locking ransomware with dedicated data leaking sites.
These new arrivals were just spinning up their new ransomware-as-a-service in December and their ransom revenue numbers are not yet known. As of last month, they made up a very small proportion of overall profits the syndicate gangs have extorted from their victims, especially when compared to the 84% dominance of the top six syndicates. Among the top performers was Maze, with over 20% of all successful attacks. Last year the ransomware market netted these vCriminals over $275,000,000 USD. Ruyuk made out with over $150 million but the next highest profitable was the Maze gang with about $70 million. The real numbers are likely much higher as vCriminals do not publicize their profits so we can only go on those victims who reported the extortion. Most victims do not report. With that group gone, a top spot at the syndication table will be vacated and it is expected to be hotly contested. So the sudden drop in December shouldn’t be cause for celebration of any sort. It is more likely the calm before the storm. More recent syndicate operators use dedicated data leaking sites for victim “name and shame” and gangs dumping all stolen data from non-payors to pressure future victims into paying the extortion to avoid the negative publicity and potential follow-on legal consequences.
Sadly, paying the ransom does not mean that you will get your data back. And for those who do regain it, the criminals you paid will also sell additional access they achieved to other ransom groups who will use it to quickly reinfect your systems for a second, even third ransom before all the access is discovered and removed and all vulnerabilities are closed.
Rapid and effective incident response is key. But more so is avoiding the incident in the first place. All cybersecurity experts and law enforcement agree. Prevention is the best defense to the ransomware threat. And the most effective means of prevention is to have a real and dedicated cybersecurity effort that is grounded with a solid foundation and participation in the business/organization.
Gartner analysts have concluded that all cybersecurity incidents, including ransomware attacks, are born from a disconnection between business decision making and accurate knowledge of business impact, which is always complicated by compliance, operations, profits, and budgets.
Decision making and effective cybersecurity plagues most businesses. To avoid becoming the next victim, executives ought to focus their attention on new ways to approach the business problem of cybersecurity. The first critical step is to create a business context around cybersecurity to develop an effective prevention effort that makes good fiscal sense.
Benjamin Franklin coined the saying that “an ounce of prevention is worth a pound of cure”.
If your organization is looking for this level of effective prevention, look for a team that can deliver business-oriented solutions that are considerate of your operations. If you are looking for a capable team that can help you build the prevention you desire, please reach out to us at Core Insights, Inc.