Other takeaway conclusions of the Trend Micro data include:

• Protection against ransomware groups that use different monetization strategies requires different qualifications and resources.

  For example, if the group is using a monetization strategy that combines deep profiling of a victim, several methods to monetize exfiltrated data, and blocking access to victim data through encryption, then the capabilities of threat actors and requirements for defenders are similar, and in some cases, more advanced compared to APT groups. For now, this is the most damaging business model in terms of the impact on victims.

• The cost of a ransomware attack is normally significantly higher than the size of the ransom, which means that paying the ransom can increase the overall cost of the incident.

• A real option to minimize impact is to shift left in the cyber kill chain, detecting and mitigating attacks long before they reach the encryption and data exfiltration stage. For defenders and policymakers, increasing the cost of operations for ransomware actors decreases both the number of an attacker’s potentially profitable targets and the profitability of the ransomware business model.