State of the Ransomware Market

We are in the midst of a digital pandemic. The FBI has reported a 400 percent increase in cyber attacks since the start of COVID-19. The average ransomware payment now stands at $1.85 million per incident. It’s not a question of if an organization will get hit with a ransomware attack, but rather a question of when.

A Brief History of Ransomware

Ransomware became a prominent threat to government agencies, large enterprises, small and medium businesses, and nonprofit organizations in the mid-2000s, when Ransomware-as-a-Service (RaaS) emerged in 2016. However, ransomware dates back to 1989 when the first documented attack, known as the AIDS trojan, targeted global healthcare organizations and research institutions.

The ransomware virus was distributed on 5.25-inch floppy disks. According to The Atlantic , when participating scientists loaded the floppy disks, their computers became infected with what would come to be known as a digital version of the AIDS virus. It lay dormant until the 90th boot, when an angry red message splashed across the screen. The cyber criminals wanted a ransom payment to release the computers.

We’ve come a long way since 1989. The occurrence of ransomware attacks has increased dramatically, and they have become more sophisticated and complex. However, the devastation and turmoil that they cause has remained consistent.

Ransomware Wp Image Page 9 Min

In 2019, nearly 56 percent of organizations across multiple industries reported a ransomware attack. Currently the average cost for a data breach in the United States is roughly $9.05 million, up from $8.64 million in 2020 . Ransomware attacks are estimated to cost the global economy $265 billion in 2031. Ransomware is its own epidemic, with a new attack every 11 seconds.

Current Ransomware Gangs

For more than a decade, LookingGlass has been monitoring and identifying cyber threats. We have recorded an increasing number and severity of cyber attacks, including threat actors leveraging ransomware.

Ransomware gangs have been growing in number and severity. Because of the increased attacks, LookingGlass actively tracks ransomware threat actors and monitors their movement and digital footprint using our scoutPRIME solution.

LookingGlass identified the following ransomware groups as key actor groups to be aware of; these groups regularly hack organizations, publish data, and launder money:

FIN7: Also known as Carbanak, Carbon Spider, and Anunak, has a track record of striking restaurant, gambling, and hospitality industries in the U.S.

FIN12: Specializes in targeted attacks on the healthcare sector.

TA505: Also known as Evil Corp, Dridex gang or INDRIK SPIDER, has been active since 2014 (some reports say as early as 2007) and it is known for distributing the Dridex malware.

FIN11: Is a financially motivated hacking group behind large, long-running malware campaigns.

Gold Southfield: Also known as Pinchy Spider, is the criminal group behind the development of the ransomware most known as GandCrab and REvil/Sodinokibi.

LockBit Gang: Is a RaaS group that writes and distributes its malware through partners. Often overlooked, the group is responsible for many global ransomware attacks since 2019.

DarkSide: Is an emerging and commercially savvy ransomware group.

Find Out More…

These are just a few of the ransomware gangs that have gained notoriety recently. For more information about each gang, their typical victim sectors, and the threats they present to enterprises, download our State of Ransomware white paper.

Organizations can use this information to better understand ransomware actors and trends and cyber defense recommendations. Get the report here.