How much ransom are cybercriminals asking for?

Welcome to the new 118 cyber warriors who joined us last week. Each week, we'll be sharing insights from the MEA community. Read exclusive interviews with industry experts and key findings from the #BHMEA stages.

Keep up with our weekly newsletters on LinkedIn — subscribe here.


Our weekly delivery of insights from the cybersecurity sector – including exclusive interviews with experts from the global MEA community.

This week we’re focused on…

How much money threat actors are asking for when they execute ransomware attacks. 

Ransom sums can vary wildly 

At the time of writing, the attackers who used breached credentials to target customers of the Snowflake cloud storage system are demanding payments from those victims (at least 10 companies) of between USD $300,000 and $5 million.

According to the State of Ransomware 2024 report from Sophos, the average ransom payment has increased by 500% over the last year. Organisations surveyed for this report disclosed average payments of $2 million (up from $400,000 in 2023). And that’s before the cost of recovery after an attack – which reached $2.73 million. 

Attackers are seeking large payoffs – but that doesn’t mean they’re only targeting companies with the highest annual revenues. While 63% of ransom demands from 2023-24 were for $1 million or more, and 30% were for more than $5 million, nearly half (46%) of organisations with revenue of under $50 million received a ransom demand of seven figures. 

Not all ransomware groups are making such expensive demands, though. The Phobos strain, for example, yielded median ransom payments of under $1,000 in 2023 – with a strategy of high-frequency attacks against smaller entities, leveraging a ransomware-as-a-service (RaaS) model to support the volume of attacks.

So how does an attacker decide how much to demand?

2023 was a record-breaking year for ransomware attackers, exceeding $1 billion in extorted cryptocurrency payments from victims. 

Ransomware groups increasingly operate very much like legitimate businesses – and like a legitimate business, they take into account a range of different factors when they’re deciding what they need their ROI-per-attack to be. 

Those factors might include: 

  • Location. Demand sums may be adapted to geographical locations and local economies – with higher demands in countries with robust economies, for example.
  • Industry trends. Just like legitimate industries, there are trends in ransomware attacks – and attackers may choose ransom sums that fit with current trends.
  • The financial capacity of their targets. Ransomware groups focused on high-revenue targets will demand higher sums, while those (like Phobos) with lower-revenue targets will demand smaller sums – but from a larger number of victims.
  • The perceived value of the stolen data. When attackers are able to steal highly critical or sensitive data, they’re more likely to demand a larger ransom sum.
  • The potential impact of the breach, and the urgency of that impact. When an attack causes significant disruption to business operations, threatens to expose highly sensitive data, or could destroy the target’s reputation very quickly, then the attacker might demand a higher ransom – knowing that the victim is more likely to concede.
  • The attacker’s negotiation strategy. Some attackers start high and expect to engage in negotiations. Others set their rate and leave it at that – so they might go in a little lower.
  • Whether or not the victim has cyber insurance. If the attacker believes the victim is insured, they might aim to match their ransom sum with the amount they believe the insurance will cover.
  • The attacker’s profit margins. Because yes – just like a legitimate business, ransomware groups have profit margins. They’ll take into account operational costs to make sure their ransom demands will drive profit. 

The attack group’s goal is to maximise profits 

They want to make money. And they have to balance this with a touch of reality – keeping ransom sums within a range that they have reason to believe a victim can or will pay. 

Ransom sums can vary wildly. But broadly speaking, they’re on an upward trajectory. 

What are the factors you think are affecting ransom sums in 2024? We want your perspective. Open this newsletter on LinkedIn and tell us in the comment section. 

Do you have an idea for a topic you'd like us to cover? We're eager to hear it! Drop us a message and share your thoughts. Our next newsletter is scheduled for 17 July 2024.

Catch you next week,

Steve Durning
Exhibition Director

Join us at MEA 2024 to grow your network, expand your knowledge, and build your business.
