Ransomware Demands are Doubling Every Six Months, Study Finds

Ransomware has grown to become one of the most alarming cybersecurity challenges in recent months, in part due to the number of attacks and the types of victims that have had their data locked up. Hospitals, schools, and municipalities across the country have been forced to temporarily suspend operations due to ransomware disruptions.

But another worrisome trend is also bubbling up, according to a new study. The average payment demanded by ransomware operators has skyrocketed over the last several quarters, reaching an astounding $178,254 in the second quarter of 2020, nearly quadruple the amount demanded in the same period one year earlier, according to a report from cybersecurity firm Coveware.


Just two years ago, ransomware was seen as a nuisance: For just a few thousand dollars—and sometimes even less—victims could obtain decryption keys to unlock their data. But since then, ransomware operators have gotten increasingly sophisticated and engineer their attacks to do maximum damage, said Kristen Dauphinais, Head of U.S. Cyber and Tech at British insurance firm Beazley. They also target specific companies, instead of the former “spray-and-pray” strategy, and demand ransoms that are closer to the cost of losses that would be incurred if a company were forced to restore its systems from backups.

“About 18 months ago, ransomware events began in earnest… once the criminals get in, they sit and wait for weeks, sometimes months, observing the network, exfiltrating data, and searching for legacy systems that haven’t been updated,” Dauphinais said. “Once they have all the information they need, that’s when they strike.”

Although the average ransomware demand surpassed $100,000 for the first time this year, some incidents can be significantly more costly. Beazley, which provides cyber insurance, routinely sees ransom demands in the seven-figure range, and occasionally sees demands of $10 million or more, she said.

Even as ransomware demands hit unprecedented highs, there’s little reason to think that the problem will decline anytime soon. Although federal law enforcement agencies have cracked down on state-sponsored hackers and some cybercrime gangs, ransomware operators have so far evaded capture for the most part—because they typically ask for payment in cryptocurrency, the money can be difficult to track down. The U.S. Department of the Treasury recently released a pair of advisories warning victims that they could run afoul of sanctions and anti-money-laundering rules by making payments to blacklisted entities, but it’s unclear how big of an effect that will have on ransomware operators.

“The general consensus is it was a shot across the bow to raise awareness of the situation,” Dauphinais said.

Adam Janofsky is the founding editor-in-chief of The Record from Recorded Future News. He previously was the cybersecurity and privacy reporter for Protocol, and prior to that covered cybersecurity, AI, and other emerging technology for The Wall Street Journal.