Close this search box.

Are Billion-Dollar Ransoms Only a Matter of Time?

The author

It’s no secret that the sums demanded by ransomware extortionists have become more outrageous over the last three years.

Ransomware started out as a crime against home users, with ransoms in the tens to hundreds of dollars at most.

Then criminals discovered small- and medium-sized businesses, and ransoms shot up into the hundreds of thousands. By the time enterprises started toppling, ransoms reached into the millions, leading to crazy speculation about whether once unthinkable billion-dollar demands could be in our future.

Certainly, evidence for spiraling ransom inflation isn’t hard to find, with the recent attack on TransUnion South Africa by Brazilian threat group N4ughtysecTU resulting in a reported $15 million demand. This sort of number is now commonplace for the biggest attacks.

Of course, what matters isn’t how much attackers ask for, but how much they get paid, both on average as well as the maximum payouts. Unfortunately, on that score things don’t look terribly positive either.

Officially, the record ransom is the $40 million insurer CNA Financial paid out in March 2021, ahead of the $11 million meat processor JBS paid attackers only weeks later. When you consider that the attackers demanded $60 million from CNA, perhaps the company saw what it paid as getting off lightly.

Ransomware Negotiations

Meanwhile, according to Palo Alto’s Unit 42, the average ransom demand in 2021 was $2.2 million, a 144% rise compared to the previous year’s $906,000. The average payment was $541,000, up from $304,000.

Clearly, as one might expect, payouts are much lower than demands. Some victims refuse to pay while others pay but negotiate the price down. But what is driving the consistent rise in demands, which edges up payments? Presumably, there must be a ceiling on these, even if we’ve not reached that point yet.

If the Unit 42 report offers any clues, the biggest is simply the success of a small number of very brazen groups which set the industry standards.

For example, an extraordinary one in five of all attacks tracked by Unit 42 was the handiwork of a single group, Conti, with REvil accounting for 7%, followed by Hello Kitty and Phobos at around 4% each. This sort of activity suggests Conti’s claim on its dark web site to have breached 511 organizations wasn’t a bluff.

Indeed, the tactic of naming and shaming breached companies has become standard operating procedure, with 2,566 organizations having proof of compromise data posted on public sites during 2021—an 85% increase in 2020.

One effect of the inflation in ransom demands is that it is increasingly cost-effective for victims to hire specialized ransomware negotiators to hack out a discount from the attackers.

Reportedly, in 2021 at least two dozen companies sprang up offering to act as intermediaries, while insurers will also get involved if asked (see’s recommendations regarding this topic).

Where Are Ransom Demands Headed?

Right now, it’s as if each outrageous demand is acting like a ratchet, setting a new ceiling for what gangs think they can get away with. Ironically, when it comes to the cost of ransomware attacks, the headline ransom is probably not the biggest worry. Far bigger are the remediation costs, which now run into millions even for relatively modest attacks, on top of which must be factored reputational, regulatory, and legal costs.

There is plenty of evidence that these costs are rising even more precipitously than ransoms, which raises the disturbing possibility that awareness of the financial damage of an attack might itself be encouraging ransom gangs to up their demands. After all, what self-respecting criminal asks for $1 million when the full cost of the same attack might reach 10 or 20 times that sum?   If there’s a note of optimism in this, it’s that this should work against the possibility of billion-dollar ransoms: as cleanup costs soar, no organization could possibly afford it.

Sign Up For Our Newsletter

Don’t worry, we hate spam too!

Get The Latest On Ransomware Right In Your Inbox

Sign Up To Receive Our Monthly Ransomware Newsletter
Don’t worry, we hate spam too

Is This Your Business?
Get In Touch

Contact Us To Sponsor Your Business Listing & Learn More About The Benfits.

Before You Go!
Sign up to stay up to date with everything ransomware

Sign Up To Receive Our Monthly Ransomware Newsletter
Don’t worry, we hate spam too

JUST RELEASED: The 2024 State of Ransomware Survey is in.


Share via
Copy link
Powered by Social Snap