Two Sides of a Ransomware Threat Explored: Victims and Cybercriminals


Check Point Research (CPR) shows new data on the impact of ransomware attacks after analyzing the Conti group leaks and different data sets related to victims. Keep in mind that paying a ransom is only a small component of the real cost of such an attack, with the complete price estimated to be 7 times higher.

Within the damage suffered, it should be noted that cybercriminals demand an amount proportional to the victim’s annual income, which ranges between 0.7% and 5%. On the other hand, in 2021 the duration of the “blackmail” decreased from 15 days to 9 days. Check Point Research has also found that ransomware groups have basic rules to successfully negotiate with victims, which influences the process and dynamics of the transaction.

It’s clear that in recent years, ransomware has evolved into the most cumbersome type of cyberattack that businesses face. Moreover to affecting the day-to-day processes of organizations and disrupting business, this threat can have a enormous financial impact. In its most apparent form, crook gangs will demand a ransom payment, which can run into the millions of dollars. In this research, the extra hidden costs caused both during and after these types of threats were examined. The long-term losses suffered by victims are far greater than most might assume.

Ransomware attacks are now the most lucrative type of cybercrime, allowing crook gangs to make immense profits. Over the years, cybercriminals have refined their processes for defining extortion demands and have developed sophisticated negotiation techniques with victims, with the goal of demanding the highest level of ransom payment that the association can afford. To show a true picture of its two faces, that is, from the perspective of the victims and the criminals, Check Point Research has used the following sources of information to obtain monetary information for this research:

  • Victim Losses: Kovrr’s Cyber Incident Database includes data on past cyber incidents and their financial impact.
  • Profits of Cybercriminals: Information from Conti Leaks as a representative example of the monetary dynamics of cybercriminals.

Main conclusions

  1. Collateral cost: The ransom paid is only a small component of the price of the ransomware attack for the victim. Researchers estimate that the complete impact is 7 times greater than what you pay cybercriminals, and is made up of intervention and reset costs, legal fees, and monitoring payments.
  2. Sum of the demand: the amount of the ransom depends on the annual income of the company and ranges from 0.7% to 5% of the annual income. The higher the victim’s annual benefits, the lower the fee that will be required, since that percentage represents a higher numerical dollar value.
  3. Duration of the attack: the extension of the impact of an attack of this type has been significantly reduced in 2021, from 15 to 9 days.
  4. Negotiation Rules – Ransomware groups have well-defined ground rules to ensure successful negotiation with victims, which influences the process and dynamics of the transaction:
  • Accurate estimate of the financial position of the victim.
  • Quality of the exfiltrated data of the affected party.
  • The repute of the ransomware group.
  • The existence of cyber insurance.
  • The approach and interests of those who negotiate with the victims.

“In this investigation, we have provided an in-depth analysis from the perspectives of both the attackers and victims of ransomware. The key learning is that the ransom paid, which is the figure most research deals with, is not the decisive amount in its ecosystem. Both cybercriminals and those affected have numerous other aspects and related financial considerations. It is striking how systematic these cybercriminals are in defining the amount of the ransom and in the negotiation. Nothing is accidental and everything is defined and deliberate according to the factors that we have described. It should be noted that, for companies, the “collateral cost” is 7 times greater than the ransom they pay. Our advice is that it is essential to build adequate cyber defenses in advance, particularly a well-defined response plan can save organizations a lot of money” , warns Eusebio Nieva, technical director of Check Point Software for Spain and Portugal.

How to protect yourself from ransomware  

  • Have a robust data backup: The goal of the ransomware is to force the victim to pay a ransom in order to regain access to their encrypted data. However, this is only effective whether the target actually loses control of their own information. Having a strong and secure data backup is an effective way to mitigate the impact of such a threat.
  • Cybersecurity training: Phishing emails are one of the most popular ways to spread these malware. By tricking a user into clicking on a link or opening a harmful attachment, cybercriminals can gain access to their computer and start the process of installing and running ransomware program on it. Frequent cybersecurity training is crucial to protecting the association.
  • Strong and secure user authentication: Enforcing a strong password policy, requiring the use of multi-factor authentication, and educating employees about phishing attacks designed to steal login credentials are critical components of an organization’s cybersecurity strategy. company.
  • Up-to- date patches: Keeping computer systems up-to-date and applying security patches, particularly those categorized as critical, can help limit an entity’s exposure to ransomware attacks.

Leave A Reply

Please enter your comment!
Please enter your name here