Please fill in the form below to subscribe to our blog

Ransomware Surge Brings Nothing But Bad News in Its Wake

September 30, 2021
ransomware rwpresented b a cartoon of a white cloud on a red background being hed pisoner by a black chain and lock.

A Wave of Fresh Attacks Cranks Up the Danger for Businesses

Ransomware is making headlines in tech news, and not because of a big, splashy attack. It’s because a cascade of news around ransomware has been emerging and none of it is good for businesses. Ransomware has created an outsize presence for itself in the cybercrime ecosystem, keeping this menace at the forefront of IT leaders and business owners’ minds as they grapple with the question of how to keep their organizations safe on a budget in a quickly evolving and shadowy threat landscape. 

50% of IT pros do not believe their organization is prepared to repel a ransomware attack. Is yours? Build stronger defenses with the strategy in Ransomware Exposed. DOWNLOAD NOW>>

The Forecast is Not Good 

Is it any wonder that ransomware continues to dominate the security conversation? The specter of an attack is in every business’s peripheral vision regardless of their location or industry. Organizations located in Asia (33%) and North America (30%) and Europe (27%) were the hardest hit by ransomware attacks in 2020 and carry the most risk in 2021. Looking at this threat holistically by the numbers paints a chilling picture of danger for every organization. Ransomware attacks have continued to pound businesses, rising to heretofore unseen new heights in Q2 2021.  

  • Ransomware now accounts for 69% of all attacks involving malware
  • That’s a 30% jump over the same quarter in 2020
  • There was a massive 45% increase in ransomware attacks in April 2021 alone
  • UK researchers noted that 22% of attacks in the first quarter of 2021 were ransomware
  •  85% of ransomware attacks target Windows systems   

Ransomware demands are on the rise as well. A report in Tripwire details new research showing that the average ransom paid by organizations has increased by 82% over the already huge demands logged in 2020. The average demand is now a record $570,000 (£414,000), compared with just $170,000 (£123,000) in 2020. A recent record-breaking ransomware demand against Acer reportedly hit $50 million 

The ways that ransomware is delivered are also in flux. The vast majority of ransomware is still delivered through phishing messages, but not all of it – and that’s a challenge for IT staffers to negotiate when email volume is high and alerts are coming in fast and furious but the number of hands to do the extra work is low.

  • Precisely targeted ransomware, typically delivered through spear phishing, has grown by 767% 
  • 48 % of infectious attachments that contain malware like ransomware are Office files 
  • 90 % of IT pros had clients that suffered ransomware attacks in the past year
  • Businesses experienced a 64% increase in overall email threat volume in 2020
  • An estimated 94 % of ransomware arrives at businesses via email

dark web danger represented by a shadowy hacker using a hook to steal a password from a square flating over a laptop with other warnings in an animated style

What risk will you face next? Learn what to expect from The Global Year in Breach 2021. DOWNLOAD NOW>>

Ransomware Practitioners Are on the Hunt for Data 

No industry is safe from the ransomware surge, but a few have been getting hit harder than others. Booming dark web data markets have whetted cybercriminal hunger for data, leading to attacks on industries that tend to keep it. Cybercriminals can make handsome profits selling data in dark web data markets and industries may find themselves in cybercriminals’ sights because of the high desirability of their data. In 2020, ransomware attacks increased substantially against companies known to have deep databases and that trend continues. 

Attacks on retailers have also skyrocketed, accounting for 95% of all attacks using malware. Experts point to the fact that cyberattacks involving payment skimmers, a former cybercrime staple, have dramatically decreased in the face of improved security. However, previous ransomware attacks in this industry mostly targeted data like payment details, personal information, credit card numbers and other financial information. Nowadays, bad actors know that they can score a solid payday by encrypting systems and/or data, then settling in to wait for a juicy ransom. IBM noted in a recent blog post that cyberattacks against retailers increased by a massive 1280% from the beginning of 2020 to the end of the year. 

dark web economy represented by the words dark web in white on a black background blurred like a faint tv transmission

Are you ready to take back control of cyberattack risk from the villains on the dark web? This webinar shows you where to start. WATCH NOW>>

More Money, More Problems (for Businesses) 

That ransom could be especially lucrative if the cybercriminal actors are using popular double or triple extortion ransomware. Double extortion ransomware is a rising star as cybercriminals double down on their attacks to double their profits by requiring their victims to pay twice: once for the usual decryption code and a separate fee to not have the encrypted data released by the gang. Practitioners of this tactic were responsible for more than 50% of all ransomware attacks in 2020. Adding one more step to the traditional double extortion dance, triple extortion ransomware may not only require companies to pay for a decryption key or the return of their data, but it also includes a payment to avoid another damaging effect like a DDoS attack or public embarrassment about the incident.  

While cybercriminals are cleaning up in ransomware operations, businesses are paying the price and it is steep. Companies impacted by ransomware lose an estimated average of six working days, and 37% of them experience downtime of one week or more. Any organization that falls victim to ransomware is looking at big bills. The cost of a ransomware incident including investigation, remediation and recovery worldwide is expected to exceed $265 billion by 2031. That isn’t a bill that any organization can afford to pay. The exorbitant costs, lost revenue and reputation damage that a business suffers in the wake of a ransomware incident is too much for many businesses to survive – 60% of companies go out of business within 6 months after a cyberattack.  

Paying the ransom isn’t going to get you off the hook either. Beyond the fact that it is illegal in the US and many other nations, Only a small percentage of companies that pay the extortionists the money that they demand will ever get their data back. In a 2020 study, only 66% of organizations that paid the ransom were able to recover any of their data and almost 35% of organizations that paid a ransom did not receive an encryption release or key. Paying off the criminals is not a smart tactic for future defense either, because it does not guarantee that those bad actors won’t leave a backdoor into your systems to allow themselves to make another visit. Almost 70% of companies that weathered a cyberattack were hit with another one within a year. 

malicious insider threats can include cryptocurrency risk represented by a crime comic style blue eye looking through a peephole.

Use our Cybersecurity Risk Protection Checklist to find vulnerabilities before the bad guys do! GET IT>>

Improve Your Ransomware Defense by Thinking Outside of the Box 

It’s clear that the same-old strategies and tools aren’t quite up to the challenge these days. Consider adding two new tools to your security arsenal to reduce business risk.  

Cyber Resilience 

A cyber resilient organization is much more likely to stand strong in the face of rising threats from a variety of sources, including ransomware. In a cyber-resilient company, business operations don’t grind to a halt in the event of a cyberattack. That starts with creating and drilling a smart incident response plan. Over the past two years, only 39% of companies with a formal, tested incident response plan experienced a disruptive security incident, compared to 62% of companies with less formal or consistent plans. 


Zero Trust is the path that the US federal government has chosen to fight back against ransomware in consultation with tech behemoths like Microsoft and IBM, implementing new rules requiring a zero-trust framework for federal agencies, contractors and suppliers. A cornerstone of zero-trust security is controlling access to critical systems and data, making sure that only those who really need to access those things can get to them. Forget about trusted users; everyone from an intern to the CEO has to prove their legitimacy every time they log in. That takes the power out of a filched password in a hurry.  

Zero Trust security is a piece of cake when you’re sure you’re giving access to the right people at the right levels. SEE HOW TO DO IT>>

ID Agent Can Help 

MSPs and SMBs agree: ID Agent can help make sure that businesses of every size are ransomware ready. Take action now to build a strong defense against ransomware with the powerful 1 -2 punch of BullPhish ID and Passly.

Passly includes the functionality of 3 solutions in one affordable package, including:

  • Multifactor authentication (MFA)  is a must-have for zero-trust security that stops 99% of password based cybercrime, 
  • Single-sign on adds another layer of protection by minimizing the number of credentials an employee has or access controls the tech staff manages.
  • Simple remote management and secure shared password vaults make it easy for IT teams to respond quickly in an emergency to isolate a compromised account.
  • Automated password resets eliminate the constant wave of reset tickets, saving time, money and stress.

BullPhish ID is the streamlined, user-friendly solution to every training challenge, including:

  • Choose from lessons on phishing, ransomware, compliance, data handling, password security and more in 7 languages with engaging animated videos.
  • A frequently updated library of plug-and-play phishing simulation kits that can be scheduled to run automatically.
  • Lots of options for customization and white labeling for everything from training content to access portals.
  • Simple, clear reporting that enables everyone to clearly see employee progress and measure the value of training.

Make sure that your business is taking a strong security posture against cybercrime threats like ransomware with the ID Agent digital risk protection platform including award-winning solutions Dark Web ID, BullPhish ID and Passly.

Contact one of our solutions experts today for a personalized demo and get started on your ransomware defense. 

Protection from cybercrime danger is easy when you deploy your secret weapon: security-savvy employees! WATCH WEBINAR>>

let us help secure you against passwords reuse with contact information and the ID Agent logo on grey.

Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!


Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>

See Graphus in action in an on-demand video demo WATCH NOW>>

Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!