Back to Newsroom

Cybereason Report: Complex RansomOps Fuel Explosion in 2021 Ransomware Economy

Apr 12, 2022

Cybereason, the XDR company, today published a new report, titled RansomOps: Inside Complex Ransomware Operations and the Ransomware Economy, which examines how ransomware attacks have evolved from a cottage industry less than 10 years ago into a multi-billion dollar business today. With increasing sophistication behind RansomOps attacks, ransomware syndicates are reaping the benefits with record profits, making it open season on public and private sector organizations of all sizes.

Early ransomware attackers relied on "spray-and-pray" tactics to target mostly individuals where ransom demands were relatively small compared to multi-million dollar demands that became more frequent in 2020-2021. With the emergence of RansomOps that are complex and akin to the stealthy operations conducted by nation-state threat actors, ransomware attacks have become harder to defend against for most organizations, and emboldened threat actors have driven up their ransom demands as more and more organizations choose to pay.  

“Ransomware gangs have made a strategic shift to targeted attacks against organizations that have the ability to pay multi-million dollar ransom demands, fueling the rise in attacks in 2021. No two RansomOps attacks garnered more publicity last year than those on Colonial Pipeline and JBS Foods. Unfortunately, ransom demands have increased this year and critical infrastructure operators, hospitals and banks have targets on their backs,” said Lior Div, Cybereason CEO and Co-founder.

To Pay or Not to Pay

A previous Cybereason report, titled Ransomware: The True Cost to Business, revealed that 80 percent of organizations that paid a ransom were hit a second time, many times by the same threat actors. Instead of paying, organizations should focus on early detection and prevention strategies to end ransomware attacks at the earliest stages before critical systems and data are put in jeopardy. There are a variety of other reasons for not paying, including:

--NO GUARANTEES OF RETRIEVING DATA: Paying the ransom doesn’t mean that you will regain access to your encrypted data. The decryption utilities provided by those responsible for the attack sometimes simply don’t work properly. In the case of Colonial Pipeline in 2021, the company paid a $4.4 million ransom, received faulty decryption keys from the DarkSide Group and had to activate their backups to restore systems. 

--LEGAL IMPLICATIONS: Organizations could end of paying steep fines from the U.S. government for paying ransomware actors that sponsor terrorism. In addition, supply chain ransomware attacks that impact an organization’s customers or partners would result in lawsuits from the impacted organizations. 

--INCENTIVIZING RANSOMWARE ATTACKS: Organizations who pay ransomware attackers send the message that the attacks work and it continues to fuel more attacks and higher ransom demands. Like Cybereason, the FBI advises that organizations refrain from paying ransoms because it simply emboldens malicious actors by telling them that extortion works. 

The full RansomOps Report is available here.

About Cybereason                                                                                                                                      Cybereason is the XDR company, partnering with Defenders to end attacks at the endpoint, in the cloud and across the entire enterprise ecosystem. Only the AI-driven Cybereason XDR Platform provides planetary-scale data ingestion, operation-centric MalOp™ detection, and predictive response that is undefeated against modern ransomware and advanced attack techniques. Cybereason is a privately held international company headquartered in Boston with customers in more than 40 countries.

Media contact: 

Bill Keeler 

Senior Director, Global Public Relations 


+1 (929) 259-3261