The monies also lead to bolder repeat attacks and across-the-board exacerbation of industry-specific cyber risks, according to one meta-analysis
Based on a cybersecurity firm’s customer ecosystem telemetry and other cyber incident data sets, it has been suggested that each ransom payment made to cybercriminals subsidizes six to 10 future cyberattacks.
While the risk of falling victim to ransomware varies across regions, sectors and organizational sizes, the data analyzed suggests that victims in some sectors and countries pay more often than others, meaning their peers are more likely to be targeted.
Other takeaway conclusions of the Trend Micro data include:
-
Protection against ransomware groups that use different monetization strategies requires different qualifications and resources.
For example, if the group is using a monetization strategy that combines deep profiling of a victim, several methods to monetize exfiltrated data, and blocking access to victim data through encryption, then the capabilities of threat actors and requirements for defenders are similar, and in some cases, more advanced compared to APT groups. For now, this is the most damaging business model in terms of the impact on victims.
-
The cost of a ransomware attack is normally significantly higher than the size of the ransom, which means that paying the ransom can increase the overall cost of the incident.
-
A real option to minimize impact is to shift left in the cyber kill chain, detecting and mitigating attacks long before they reach the encryption and data exfiltration stage. For defenders and policymakers, increasing the cost of operations for ransomware actors decreases both the number of an attacker’s potentially profitable targets and the profitability of the ransomware business model.
According to the firm’s Vice President of Threat Intelligence, Jon Clay: “Ransomware is a major cybersecurity threat to enterprises and governments today. It’s also continually evolving, which is why we need more accurate, data-driven ways to model ransomware-related risk.”