Just How Prolific is Ransomware?

Our friends over at Bromium recently published a study entitled “into the web of profit” that focussed on revenue flow and profit distribution as it pertains to ransomware. The annual revenue from the ransomware supply chain – $1.5 trillion (no, this isn’t a typo).

The amount of money involved is staggering when you consider that the average ransomware demand-per-incident is roughly $2,500 but can go as high as $50,000 (or higher) depending on the affected organization and its perceived worth to the attacker. According to Bromium $1 billion was obtained from ransomware, $160 billion was made from data trading, $500 billion from trade secrets, $860 billion from illegal goods and services online, and $1.6 billion on crime-ware.

If you’ve been putting off updating your information security program documentation to include ransomware mitigation and response procedures it may be time to block off some calendar spots in your day to make it happen. If you’re unsure as to how you should update your program to incorporate ransomware risk tolerances, mitigation, and response activities, please reach out to LEO Cyber Security today and speak with one of our experienced CISOs.

Andrew Hay is an information security industry veteran with close to 20 years of experience as a security practitioner, industry analyst, and executive. As the Co-Founder & Chief Technology Officer (CTO) for LEO Cyber Security, he is a member of the senior executive leadership team responsible for the creation and driving of the strategic vision for the company. One of his primary responsibilities is the development and delivery of the company’s comprehensive cyber security, digital forensics, incident response, cloud architecture, and advanced research centers of excellence.


Leave a Comment