Why does ransomware remain stubbornly popular? One reason is incredibly obvious, and you’ve no doubt thought of it already. Another reason is more subtle, but no less important.

That’s the takeaway from this old-ish (in Internet terms, that means late October 2021) blog from incident response company Coveware. It was in their quarterly report, and when I saw it, I couldn’t nod my head strongly enough in agreement with its conclusions.
The basic gist of its summary on ransomware is that attacks are increasingly common and increasingly expensive because of the most simple reason of all: the huge potential payoff for the tiny potential risks. In short, ransomware can make you obscenely rich, and there’s little chance you’ll wind up in jail for it.
Or dead. The Coveware article compared the criminal ransomware industry to the criminal cocaine trafficking industry of Colombia in the early 1990s. Here’s the key paragraph, the one that caught my eye:
Cocaine trafficking in 1992 and ransomware in 2021 share similar profitability metrics; both activities carry +90% profit margins per unit. The major difference lies in the risk taken by the actors. In 1992, every 2 kilos of cocaine trafficked resulted in 1 person arrested. Every 4 kilos of cocaine trafficked resulted in 1 person being killed. Ransomware carries an infinitesimal fraction of the risk. Ransomware arrests are extremely rare relative to trafficking. A trafficker in 1992 was 625x more likely to get arrested than a ransomware actor in 2021.

-- Coveware, Quarterly Report, Oct. 2021
Add to this incredible paragraph that ransomware has an even higher profit margin than cocaine trafficking—98% to 91%—and the rationale for breaking into the ransomware industry becomes a no-brainer for those with lacking or malfunctioning ethical machinery.
The report mentions that the risk of physical injury is also nonexistent for ransomware actors vs. cocaine-involved actors, and the appeal gets even stronger.
The good news is that recent events may be changing that risk calculus, even if slowly. Law enforcement is stepping up, and governments are starting to get more involved as well. For instance, John Dunn reported earlier this year about notorious ransomware gang REvil, which had 14 members arrested. In another case, two alleged criminals were arrested by U.S. authorities after attacks, including the high-profile Kaseya ransomware incident.
Still, a Google search for ransomware-related arrests doesn’t turn up a lot of information, indicating that it’s still an uncommon result. And until the consequences get more serious, or the ransomware payouts get much smaller—the opposite of trends at present—expect to see this scourge continue unabated.