Skip to main content

Ransomware is now a multi-billion-dollar industry

ransomware
(Image credit: Image Credit: WK1003Mike / Shutterstock )

Despite some of the most prolific ransomware operators eithering retiring or being shut down by law enforcement, the sector continues to grow in sophistication and scale.

This is according to a new report from cybersecurity company Group-IB, which claims ransomware is now a multi-billion-dollar industry, with the average payout sitting somewhere between $150,000 and $170,000.

As reported by Bleeping Computer, massive pay-outs up to $1 million (in some cases even $2 million) are no longer quite as rare and also encourage new actors into the market. In one particular case, a company paid out $34 million in ransom fees.

Analyzing more than 500 attacks, Group-IB found that Conti, Egregor, and DarkSide were the new ransomware strains to make names for themselves in 2020. Both Conti and Egregor quickly rose up the list of most prolific ransomware threats. Ryuk, once a major ransomware threat, is absent from the list after merging with Conti.

The Ransomware-as-a-Service (RaaS) model is growing even more popular, with almost two thirds (64 percent) of all observed attacks in 2020 using this approach. Once hacking groups have breached a network, they rent out a ransomware operator’s services in exchange for a share of the ransom.

Typical dwell time (time between initial infection and data encryption) is 13 days, and it takes the victim roughly 18 days to resolve downtime and eliminate the threat.

Ransomware is expected to continue on its current growth trajectory, the report concluded. As it turns into a “bruiser market”, actors will turn to Linux variants and evolve their techniques to become even more devastating.