Despite an unprecedented amount of domestic and international initiatives to counter ransomware activity, ransomware actors continue to grow and attack an increasing number of enterprises. Clearly, the governments' enforcement and initiatives are not working right now. Why is that?

The primary reasons for this are because the profits ransomware actors generate are too high and the risks are too low. There are practically no barriers to entry for individuals to participate in the ransomware industry. Overall, the economics of cyber criminal activity are far too compelling to combat without disrupting the economics of the entire industry.

Ransomware Risk Factors

To get an idea of how big the threat of ransomware is in 2021, we have compared it to the 1992 Columbian cocaine cartels.

Ransomware in 2021 Cocaine Trafficking in 1992
Revenue/Unit $140,000/attack $60,000/kilo
Operating Costs/Unit $2,500/attack* $5,000/kilo
Profit Margin 98% 91%
Arrests/Unit .0008** .50
Deaths/Unit 0 .25
Barriers to Entry None Very High
*Estimate based on reported costs of network access credentials, and number of hours a threat actor expends on the average attack
**Estimated roughly 25,000 ransomware attacks of impact in 2020. Research found evidence of less than 20 total arrests globally.
Source: https://www.coveware.com/blog/2021/10/20/ransomware-attacks-continue-as-pressure-mounts

As seen in the table above, cocaine trafficking in 1992 and ransomware in 2021 share around the same profitability margin with both having over 90% profit margin. However, currently, ransomware is far more attractive to get into when people consider the risk factors involved.

Ransomware – while having a similar profit margin to cocaine trafficking – has a low rate for arrest and no risk of death. Getting arrested for cocaine trafficking in 1992 was 625 times more likely to happen than getting arrested for initiating a cyber attack in 2021. Meanwhile, with little to no physical interaction with law enforcement, these cyber hackers face nearly no risk in receiving injuries through violence.

With a low risk for arrest and injury, ransomware actors face practically no risk when carrying out their attacks. As a result, the cyber criminal industry has been attracting more actors every day. Furthermore, with the growing number of actors, the supply for cybersecurity experts is unable to meet the demands to combat the cybersecurity risks.

Need for Cybersecurity Experts

Currently, many companies are lacking highly educated cybersecurity experts who are ready to combat ransomware attacks. Therefore, the demand for cybersecurity professionals is expected to grow by 32% by 2028. However, the supply for highly trained and educated cybersecurity experts is lacking. This is especially the case because companies typically search for cybersecurity professionals with at least 3-5 years of experience.

The lack of cybersecurity experts has left many companies without the necessary capabilities to deploy an effective cybersecurity plan. As a result, many organizations are facing cyber risks without fully developed security protocols to defend against cyber attacks.

Continuous Growth of Ransomware

In the same way the cybersecurity job market is growing, ransomware has also only continued to grow. Over the past few months (and years), many attacks have been high-profile such as attacks on the Colonial Pipeline, JBS Foods (the world's largest meatpacker), Acer, and many other well-known/high-profile organizations. In particular, several U.S. companies and organizations have had to shut down their critical infrastructure, resulting in shortages and increased cost of goods/services. On the company's part, there were financial loss caused by the shutdown of operations and payment of the ransom to hackers.

The FBI has provided a Ransomware Prevention and Response for CISOs. In this document, the FBI highlighted that organizations should "not pay [ransomware] under any circumstances." However, despite this recommendation, the Harvard Business Review has found that the amount companies paid to hackers grew by 300% since 2020.

Remote Work Increases Risk

Not only are the ransom payments higher, but there has also been an increase in frequency of cyberattacks. This increase in cyberattacks and ransom payments are likely due to the increase in remote work caused by the pandemic.

Since the start of the COVD-19 pandemic, many organizations had to shift to remote work. This sudden change led to many organizations not having sufficient security measures. As a result, many organizations needed to combat the higher cybersecurity risk involved with remote work.

Conclusion

Ransomware is one of the highest threats in the cybersecurity sector. Therefore, you should always be prepared to defend and react against ransomware attacks. Even if you do not have a full team of cybersecurity experts to combat an attack, all staffs in your organization should understand how to avoid getting caught by a ransomware attack. You should also prepare your organization by implementing a Ransomware Response Plan to minimize all potential damage caused by a ransomware attack.

If you found this blog useful, please share with others: