asset thumbnail
Research Reports

Unit 42 Report - Ransomware: Unlocking the Lucrative Criminal Business Model

Unit 42 Report - Ransomware: Unlocking the Lucrative Criminal Business Model

Ransomware, specifically cryptographic ransomware, has quickly become one of the greatest cyber threats facing organizations around the world. This criminal business model has proven to be highly effective in generating revenue for cyber criminals in addition to causing significant operational impact to affected organizations. It is largely victim agnostic, spanning across the globe and affecting all major industry verticals. Small organizations, large enterprises, individual home users – everyone is a potential target.

Ransomware has existed in various forms for decades, but in the last several years criminals have perfected the key components of these attacks. This has led to an explosion of new malware families and has drawn new actors into participating in these lucrative schemes.

  • The financial impact of ransomware is enormous. Estimates vary, but the total costs are likely to be in the excess of billions of dollars.
  • Ransomware is one of the few criminal business models where the same attack could harm a fortune 500 company, a local restaurant down the street and your grandmother.
  • Defending against ransomware attacks is similar to other malware, but well prepared organizations stand a much better chance at limiting the harm they cause.
  • The cryptocurrency Bitcoin has provided a payment mechanism which is fueling the success of this scheme. The payment mechanisms early forms of ransomware relied on have been shut down or forced to regulate their payments, but Bitcoin has no central authority which law enforcement can take action against.
  • Thus far, ransomware attacks have primarily targeted Windows based systems, but attackers have begun branching out to target other platforms.
  • Until organizations around the world adopt a prevention mind-set and stop paying ransoms to retrieve their data, this criminal scheme will continue to threaten all Internet connected devices.



Stay two steps ahead of threats

As a member we will keep you informed. Get exclusive invites to events, Unit 42 threat alerts, and the latest cybersecurity tips.