Ransomware 101: a step by step breakdown
Ransomware is back in the headlines, which makes this research paper's clear and useful analysis of how it works a valuable primer for business leaders
This week’s JBS attack is the latest corporate cyber attack to take over headlines all over the world, and it caps a year that has seen ransomware activity rise to new heights during the pandemic. This spike, however, is the continuation of an existing trend. Indeed, in both 2018 and 2019 ransomware insurance claims increased by over 100%. These attacks are not only more frequent, they are also more audacious in their demands. Back in 2019, the typical ransom demand averaged less than $10,000. This figure has been increasing alongside the success of the actors, and it culminated with CWT’s $4.5M payout in 2020 (followed closely by Colonial Pipeline's rumored $4.4M payout to restore its operations last month).
Figure 1: Propensity to be hit by ransomware across different industries (Source: Sophos)
Retail and education organizations are still the most common targets, notes one recent report, but ransomware agents, according to another study, are becoming more selective about their targets. The pandemic saw a rise in healthcare sector attacks, for example, and manufacturing and government are increasingly favored targets given their sensitivity to downtime and public impact, respectively. Ransomware is also beginning to shift to blended “extortion-and-ransomware” attacks, notes the first report:
Here, in addition to encrypting local files, the ransomware steals copies of sensitive files and the gang threatens to make the documents public unless the ransom is paid. When the ransom has not been paid, some firms have seen their data auctioned on the dark web with prices ranging from $5,000 to over $20 million. According to IBM, the ransomware gangs are targeting the ransomware amounts to the specific firm. Known ransoms range from 0.08 percent of annual revenues to as high as 9.1 percent.
As common as ransomware is, the exact nature of the threat is often not fully understood outside the technical community. Yet understanding both the nature of ransomware attacks and their constituent elements is a priority for leaders outside of the cybersecurity function. Unfortunately, most of the general press discussions of ransomware are, understandably, superficial, and most of the academic literature is too complex for non-technical audiences. However, a recent survey of the subject by Masoudeh Keshavarzi and Hamid Reza Ghaffary (Islamic Azad University) provides a thorough and helpful overview of what ransomware is and how it works.