Who Pays All of These Ransoms, Anyway?

Taking down corporate networks for cash is quickly becoming a dangerous career. Just last week, the FBI elevated ransomware to a threat level equivalent to terrorism.  While that might make some people think twice about joining a cybercrime ring like REvil or GandCrab, they’re still not having any trouble finding recruits.

Ransomware is prevalent because it’s so lucrative.  There’s a major financial windfall from each successful attack – depending on who you ask, the average attack yields somewhere between $200,000 and $325,000.  Companies pay quickly, too – ransom money often lands in criminals’ bank accounts within hours of the ransomware’s activation.  There’s no great estimate, but ransomware rings have likely “earned” more than $1 billion in annualized revenue so far this year.

The businesses paying these ransoms are fueling the explosive growth of cybercrime.  That’s because hackers are funneling those ransom payments into software development and recruitment so they can grow their “market penetration” (which in this case means successfully targeting more and more businesses with data theft and encryption).

Who’s to Blame?

So which companies are paying these huge ransoms?  You may recognize a few of their names from the news.

Gas pipeline operator Colonial quickly made major news as gas pumps went dry across the southeast.  Their public image didn’t improve when it was revealed that they paid a $4.4 million ransom within hours of their network going down.  But their CEO was quick to admit the payment and made a compelling case for why he did it.  The network outage was causing a national crisis, and he needed to get the pipeline back online as quickly as he could.

Two weeks later, Bloomberg reported that insurer CNA Financial paid $40 million.  Even ransomware insurance provider AXA paid a ransom recently. Embarrassingly, that payment came just weeks after the company announced they’d no longer write policies that reimbursed ransom payments for their French customers.  (The demand made of AXA was $20 million, although it’s unclear what they ultimately paid.)

The reality is that many impacted companies judge paying the ransom to be the better business decision, even if it’s not great for public relations.  That’s no accident – the hackers are smart enough to read a company’s financials before encrypting them.  They know exactly how much to demand if they want to get paid quickly.

And they very often do.  The estimated percentage of companies who pay ransom demands ranges from 30% to 50%. Either of those figures is high enough to fund rapid growth.  As long as companies are able to pay the ransom, and it’s in their best interests to do so, many will continue to do it.

That’s left governments scrambling to ensure that ransom payments are not in a company’s best interest.  AXA didn’t stop issuing policies covering French ransom payments by choice – they did so under pressure from the French government.  And the United States has set up its own legal framework to discourage ransom payments, with the Office of Foreign Assets Control warning that paying a ransom to a sanctioned entity could lead to criminal liability.  OFAC has already sanctioned one cybercrime ring and could easily add others, leaving victimized business owners to choose between bankruptcy and the threat of time behind bars.

With governments and cybercriminals both escalating the threats on victimized businesses, the only clear choice is to do what you can to avoid being put in the situation in the first place.

To learn how WingSwept can help you protect yourself from a growing range of cyberthreats, call us at 919-779-0954 or email us at Team_WingSwept@WingSwept.com and ask to learn about our enhanced cybersecurity services.