One Payment to Cyber Attackers Subsidises Nine Attacks


Trend Micro has published a new report warning that although only 10% of ransomware victims pay their extorters, those who do are enabling attacks on numerous other organisations.

Mick McCluney, Technical Director ANZ at Trend Micro: “Ransomware is a major cybersecurity threat to enterprises and governments today. It’s also continually evolving, which is why we need more accurate, data-driven ways to model ransomware-related risk. This new research aims to help IT decision-makers better understand their risk exposure and provide policymakers with the information they need to craft more effective and impactful strategies.”

The report delivers strategic, tactical, operational, and technical threat intelligence and leverages advanced data science to list various threat actor metrics.

These metrics can be used to compare ransomware groups, estimate risks, and model threat actor behaviours.

Key findings include:

  • The 10% of victims that agree to pay usually do so quickly and are generally forced to pay more per compromise
  • Risk is not homogeneous – it differs across regions, sectors, and organisation sizes
  • Victims in some sectors and countries pay more often than others, meaning their peers are more likely to be targeted
  • Paying a ransom often only drives up the overall cost of the incident, with few other benefits
  • Ransomware monetisation activities are at their lowest in January and July-August, making these potentially good times for defenders to rebuild infrastructure and prepare for future threats

The report reveals that by prioritising protection left of the kill chain, continuing in-depth analysis of the ransomware ecosystems, and focusing global efforts on reducing the percentage of victims paying, industry stakeholders could help drive down ransomware’s profitability.

The insights revealed in this report can also enable decision-makers to better assess possible financial risks stemming from ransomware. This would help:

  • IT leaders to justify bigger budgets for ransomware defence
  • Governments to budget more accurately for restoration services and law enforcement
  • Insurers to price policies more accurately
  • International organisations to compare ransomware more accurately to other global risks