Please fill in the form below to subscribe to our blog

Here’s What the Path to a Ransomware Attack Might Look Like & the Consequences

May 27, 2022

Follow the Lifecycle of a Ransomware Attack to Gain Insight Into Stopping One

A ransomware attack is high on the list of things that no IT professional wants to have to deal with for their organization. If it’s successful, a ransomware attack will be a major drain on a company’s resources and create complications that will reverberate for ages. It can also put an organization out of business in a flash. An estimated 60% of companies shutter in the wake of a cyberattack. Here’s a look at the road that a ransomware attack might travel to arrive at its victim’s virtual door as well as the potential consequences that the victim might face.  

Get a step-by-step guide to building an effective security and phishing awareness training program. GET GUIDE>>

The Run Up to a Ransomware Attack: Behind the Scenes Planning  

Did you know that the U.S. Federal Bureau of Investigation tracks an average of 100 unique ransomware groups on any given day? One of the things that makes stopping cybercrime so tricky is that new ransomware gangs crop up constantly. They can form organically, spawn from other groups or emerge as a “rebranding” of another big player. For example, the notorious Conti ransomware group has “rebranded” into a variety of smaller gangs. This is a commonly used tool when a ransomware group has drawn too much heat from law enforcement. However it happens, a ransomware attack starts with the formation of a squad of attackers.

Most ransomware gangs are motivated by money, and they’ll go after targets that are likely to pay them quickly. Experts declared that in 2021, the ideal target for a ransomware attack is a U.S. company with a minimum revenue of $100 million. Canada, Australia and Great Britain are also popular locations when cybercriminals go target shopping. Industries and infrastructure sectors that are under stress are also prime targets, especially if their business is time-sensitive – 14 of 16 critical infrastructure sectors in the U.S. experienced ransomware attacks in 2021. Money may also be a motivation for nation-state threat actors, especially if their sponsoring nation has a hard time making money legitimately. A rogue state like North Korea can haul in $1 billion or more per year from cybercrime.  

Once a target is chosen, the bad guys will first look for an easy way to get the job done, like obtaining legitimate credentials that enable access to a target’s environment. Employees selling credentials are a likely source. Ransomware practitioners are typically willing to pay a malicious insider handsomely.  Privileged credentials that can open the door to the heart of a business are especially coveted, going for an average of  $3,000 to $120,000 for a single legitimate credential depending on the level of privilege associated with it.   

Can you spot a phishing message? This infographic points out red flags to watch for to sniff them out! DOWNLOAD IT>>

Starting the Attack: Adding Affiliates & Freelancers to the Cast of Characters 

Even cybercriminals are outsourcing these days. Most ransomware gangs recruit affiliates to conduct the actual attacks. In a common affiliate relationship scenario, the boss gang provides the affiliate with the proprietary malware used in the incident and access to specialized resources if needed. The affiliates typically handle the day-to-day business of the attack, sometimes turning the operation over to the boss gang when it’s time to negotiate the ransom.  Affiliates are generally on the hook to pay the gang that recruits them an estimated 10 – 25% of the total take.   

It’s standard practice for big ransomware outfits to hire help and acquire resources in dark web forums. An estimated 90% of posts on popular dark web forums are from buyers looking to contract someone for cybercrime services.  The rise of a robust Cybercrime-as-a-Service economy makes it easy for bad actors to buy what they need to succeed. It’s a snap for them to obtain the malware that they need from a Ransomware-as-a-Service developer. If the bad guys have chosen to use phishing to deliver their malware, that can easily be subcontracted out too by hiring a Phishing-as-a-Service specialist. An estimated 94% of ransomware arrives at businesses via email.     

Are your users ready to handle all of the risks they face daily? Make sure you’ve covered all the bases! GET A CHECKLIST>>

Accomplishing the Main Objective: Getting Paid 

Once the stage is set, the wheels are put in motion. If the attack is successful, it’s time for the cybercriminals to carry out some old-fashioned extortion. Depending on the type of ransomware used, the bad actors may demand payment for a decryption key to unlock systems and data, for the safe return or destruction of stolen data. The most common type of ransomware attack these days is the double extortion variant. In that scenario, the bad guys demand two payments from the victim, like one payment for a decryptor and a second to stay quiet about the victim’s security failure. It accounted for 50% of ransomware attacks in 2020.     

However they get their hands on it, a successful ransomware attack is highly likely to be a windfall for the bad actors who perpetrate it and their associates. In Q1 2022, the average ransom demand rose 144% to $2.2 million, and the average ransom payment rose 78% to $541,010.  Of course, each group sets its own prices. In 2021, researchers determined that the Conti ransomware group’s demands averaged $1.78 million, with their top initial demand hitting $3 million, while REvil made an average initial demand of $2.2 million to its victims.    

The right dark web monitoring could be the difference between security success or failure. This checklist helps you find it GET IT>>

After the Attack: Digging Out from the Fallout  

Unfortunately, an estimated two-fifths of organizations that fall victim to ransomware choose to pay the extortionists, and that has negative consequences for everyone. If the scheme works, the bad guys will keep on using it. Paying up doesn’t usually solve the problem either. On average, only 8% of companies that pay get all of their data back, and nearly a third were never able to recover more than half of their stolen data.  

Paying the ransom also carries no guarantees that your data won’t be copied, or that bad actors won’t leave a backdoor into your systems that gives them the opportunity to return at their leisure – an estimated 80% of organizations that pay up experience another attack. The expense of mitigation and recovery from a ransomware attack is also punishing. The average ransomware recovery cost an estimated $1.85 million in 2021, up from $761,106 in 2020. 

security awareness training cuts costs represented by a bright blue-white digitized dollar bill on a red, white and navy background of computer code

Stop cyberattacks & save money: See why security awareness training is your best investment. DOWNLOAD NOW>>

MSPs See Clients Suffer a Variety of Negative Consequences 

The outcome of a ransomware attack will be different for every organization, but by looking at the consequences that many MSPs see their clients facing, a snapshot emerges of what companies might expect to see ahead of them after a ransomware incident. A report by Unitrends MSP showed that MSPs say that they’ve seen a slew of nasty consequences for clients that have been hit by a successful ransomware attack including data loss (22 %) and downtime (22 %). A variety of elements keep the expense of a ransomware incident snowballing in the aftermath, leaving businesses facing an array of challenges.  

Consequence of a Ransomware Attack% Presence of Consequence in Reported Attacks
Lost Data22%
Lost Profits14%
Reputation Damage15%
Compliance Failure9%
Source: Unitrends

A strong security culture reduces your company’s chance of a data breach. This checklist helps you build it. GET IT>>

Choose Smart Solutions to Avoid Ransomware Trouble 

Instead of paying extortionists over and over again, invest in strong security now to prevent ransomware attacks from landing on your company. 

Security & Compliance Awareness Training  

Phishing is the most likley way for a ransomware attack to start. Security awareness and phishing simulation training is effective in reducing an organization’s risk – 84% of businesses in a recent survey said that security awareness training has reduced their phishing failure rates, making their employees better at spotting and stopping phishing.    

BullPhish ID is the ideal solution for businesses of any size  

  • Choose from a huge library of security and compliance training videos with new content in 8 languages added monthly 
  • Run effective simulations with plug-and-play or customizable phishing training campaign kits  
  • Automate the delivery of training to users as well as reports to stakeholders  

Watch Out for Dark Web Danger  

Cybercriminals can do a lot with a compromised credential, like steal data and deploy ransomware. Compromised credentials are easy to obtain on the dark web and they open so many doors. An estimated 60% of data breaches involved the improper use of credentials in 2021.  

Dark Web ID is the answer. 

  • Rely on 24/7/365 monitoring using real-time, analyst validated data  
  • Monitor business and personal credentials, including domains, IP addresses and email addresses  
  • Gain priceless peace of mind about dark web dangers  

Schedule a demo today! BOOK DEMO>>

Go inside nation-state cybercrime to get the facts and learn to keep organizations safe from trouble! GET EBOOK>>

let us help secure you against passwords reuse with contact information and the ID Agent logo on grey.

Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!


Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>

See Graphus in action in an on-demand video demo WATCH NOW>>

Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!