White Paper: Inside Complex RansomOps and the Ransomware Economy

Ransomware operations have transformed dramatically over the last few years from a small cottage industry conducting largely nuisance attacks to a highly complex business model that is extremely efficient and specialized with an increasing level of innovation and technical sophistication. 

RansomOpsAccording to recent reports, the global volume of ransomware operations reached 304.7 million attacks in the first half of 2021–a year-over-year increase of 151%, and 100k+ more attack attempts than in all of 2020. 

Research by Cybersecurity Ventures estimated a ransomware attack occurs about every 11 seconds. That translates to about 3 million ransomware attacks over a year.

In 2021, the average ransom payment was $570,000, a 518% increase from 2020. For perspective, this average is relatively low compared to recent ransom demands that have hit as high as $50 million dollars or more.

Several factors have contributed to the maturation of ransomware operations, resulting in a significant surge in ransomware attacks with record-breaking ransom payouts. 

Ransomware purveyors are moving away from high-volume attacks with low ransom demands in favor of more focused, custom attacks aimed at individual organizations selected for the ability to pay multi-million dollar ransom demands. 

These more complex ransomware operations, or RansomOpsTM involve highly targeted, complex attack sequences by sophisticated threat actors. 

The burgeoning Ransomware-as-a-Service (RaaS) industry has also lowered the technical bar for many would-be attackers by making complex attack infrastructure available to low-skilled threat actors.

Ransomware is an extremely lucrative business model with little-to-no risk involved for the threat actors. Couple this with the willingness of most victim organizations to pay the ransom demand swiftly under the assumption it will return business operations to normal, and we have a big problem with no easy remedies. 

This has created a gold rush in the cybercrime world, spawning an ecosystem of technologies and services that support these illicit operations, creating a larger Ransomware Economy that flourishes much like any legitimate emerging market sector.

This white paper examines the growing threat from complex RansomOps, as well as the larger Ransomware Economy, and provides prescriptive guidance for organizations determined to remain undefeated by ransomware attacks.


Anthony M. Freed
About the Author

Anthony M. Freed

Anthony M. Freed is the Senior Director of Corporate Communications for Cybereason and was formerly a security journalist who authored feature articles, interviews and investigative reports which have been sourced and cited by dozens of major media outlets. Anthony also previously worked as a consultant to senior members of product development, secondary and capital markets from the largest financial institutions in the country, and he had a front row seat to the bursting of the credit bubble.

All Posts by Anthony M. Freed