The Ransomware Economy is booming

We all know money is the motivating force behind cybercrimes like the creation and distribution of ransomware. The interesting twist with ransomware is that the basic rules of supply and demand become a little hard to follow. Typically you have a buyer and a seller. In this case, the distributor—or supplier—has to steal what’s in demand—your data.

Cybercriminals create the demand by restricting access. Victims realize they need access and—if they cannot get access themselves by restoring critical files from backup—they end up paying the ransom and fueling this economy. This applies to online consumers, small business owners, and CEOs—they have all paid to retrieve data.

It is interesting to consider the ransomware economy in the following five segments:

  1. Investment

    Cybercriminals leasing ransomware can obtain it for as little as $39 or as much as $3,000, depending on which type is purchased. They must then distribute it. Distribution costs include time spent creating and sending emails. According to Trustwave, an IT security team that spent time trying to dissect the ransomware economy, it would cost about $2,500 to spread 2,000 infections once you factor in the time to send emails and compromise sites.

  2. Pricing

    Ransom demands in the United States have been known to be several hundred dollars higher than demands for the same variant in Mexico or other countries with lower median incomes than the U.S. Ransomware authors have researched regions and incomes—and they understand that they can only charge what the market will bear. They also consider the bitcoin exchange rate when determining the ransom demand. This helps cybercriminals set a ransom that victims can afford to pay regardless of which country they are in. In the U.S., the average ask is between $300 and $500, according to many industry sources.

  3. Target market

    The target market consists of consumers and companies that retain important or business-critical information and can pay the ransom. Unfortunately, these people also typically aren’t adhering to IT security best practices. Hospitals and other healthcare organizations are a favorite target for cybercriminals because of the pressure to pay up quickly, rather than risk patient health.

  4. Revenue

    Estimates as to how much has been paid in ransom tend to be conservative because many payments are undisclosed. That said, the U.S. Department of Justice Internet Crime Complaint Center received reports of ransom payments totaling $24 million in 2015. Moreover, in July 2016, ransom payments for Cerber ransomware alone totaled $195,000 for the month. However, the market is growing exponentially, and the FBI has said ransomware costs could total $1 billion this year.

  5. Competition

    The relatively low barrier to entry has resulted in fierce competition among cybercriminals. Some authors and cyber-extortionists have even adopted higher levels of professionalism to make it easier for victims to pay up. In an interesting angle to the supplier side, ransomware kits are readily available and come with simple instructions, meaning that distributors can sell ransomware to new, smaller distributors—as long as they are guaranteed a piece of the profits.

The ransomware economy is booming, and returns are high. That means you can expect the number of attacks to continue rising. Protect yourself by having adequate backups in place before an attack occurs. Test your backups to ensure that the right data is being protected and can be restored within satisfactory time frames. Also, ensure that a backup copy is kept in a different location from production data so that ransomware does not infect both at the same time.


This post is Part 1 of 4 of a series discussing Ransomware: Part 2: The Psychology Behind Infamous Ransomware, Part 3: The 6 Phases of an Advanced Ransomware Threat, and Part 4: A Timeline of Ransomware Advances. To learn more about what ransomware is and how it is distributed, please visit our blog post The Five W’s (and How) of Ransomware.