The Ransomware Ecosystem

At the RSA Conference in 2020, Joel DeCapua, a supervisory special agent with the Federal Bureau of Investigation (FBI), revealed that ransomware groups had collectively earned over $144 million from 2013 through 2019, which was considered a staggering number at the time. However, in 2020 alone, ransomware groups reportedly earned $692 million from their collective attacks, nearly five times more than in the previous six years combined. These numbers are likely undercounts of the true figures because of a lack of insight into the cryptocurrency wallets used by all of the ransomware groups along with delays in receiving such data. However, these numbers underscore one undeniable fact: ransomware has cemented itself as one the greatest threats to global organizations today — and it has become a lucrative criminal ecosystem in the process.

Advanced persistent threat (APT) groups have long been considered by many to be the most dangerous threat to organizations. These groups focus more on cyberespionage and are less financially driven, which limits their scope to a targeted set of organizations and governments. Meanwhile, threat actors in the cybercrime world are primarily motivated by financial gain because, as rapper DJ Quik says, “If it don’t make dollars, it don’t make sense.”

In Tenable’s 2021 Threat Landscape Retrospective report, the Security Response Team determined that at least 38% of all data breaches in 2021 were the result of ransomware attacks, compared to 35% in 2020. In the healthcare sector, ransomware represented 36.2% of breaches, while it represented 24.7% of breaches in education. This doesn’t mean ransomware is any less prevalent in other sectors. However, because of the stringent reporting requirements for healthcare organizations in the United States, it is no surprise that the bulk of ransomware attacks are reported in that sector. A recent survey by Sophos found that 66% of businesses reported experiencing a ransomware attack in 2021. In reality, no organization is truly safe from ransomware, as large to small organizations are fair game.