Think ransomware is expensive now? It’s not predicted to get any cheaper over the next decade. Ransoms could cost victims a collective total of $265 billion by 2031. The estimate is based on the prediction that the price tag will increase 30% every year over the next 10 years.

Read on to learn what factors are helping to drive this forecast.

Ransomware Costs Growing

Cybersecurity Ventures predicted in 2015 that ransomware would cost victims $325 million. Its predictions grew from there, suggesting a rising cost in related damages.

In 2017, for instance, the firm predicted that ransomware would cost victims $5 billion — 15 times more than it predicted two years ago. This cost projection grew to $20 billion for 2021, or 57 times what it was in 2015.

Looking ahead, Cybersecurity Ventures noted that more frequent attacks will factor in to rising costs. It estimated that there will be a new attack every two seconds by 2031.

Recent Attacks with High Price Tags

The current threat landscape supports these estimates.

For their part, victims are paying more in the aftermath of an attack. In May 2021, a U.S. insurance company paid a ransom of $40 million — the largest publicly reported payment made by any ransomware victim to date. This reflects the growth of the average ransom payment to between $50 million and $70 million.

That’s just ransom payments. Victims are also spending more to recover from an infection. Indeed, the average cost of remediating a ransomware attack more than doubled from $761,106 in 2020 to $1.85 million in 2021.

At the same time, threat actors are getting more creative with their attacks. Some are using a technique known as triple extortion to prey upon the customers of an organization victimized by ransomware. Others use double encryption, where they’re encrypting a victim’s apps and systems with multiple ransomware strains, thwarting recovery efforts and increasing payouts.

How to Defend Against a Ransomware Attack

The findings discussed above highlight the need for businesses and agencies to defend themselves against ransomware attacks. They can do this in part by training their staff to become familiar with phishing attacks, exploit kits and other common delivery vectors for ransomware. As part of this effort, they can use threat intelligence to inform their ongoing security awareness training modules.

Organizations can then complement those security measures with technical controls. By implementing multi-factor authentication and user behavior analytics, for instance, they can find and fix suspicious behavior that could be a sign of a ransomware attack.

More from News

HHS Releases Hospital Cyber Resiliency Landscape Analysis

4 min read - On April 17, 2023, The U.S. Department of Health and Human Services (HHS) 405(d) Program announced the release of its Hospital Cyber Resiliency Initiative Landscape Analysis. This landmark analysis reports on domestic hospitals’ current state of cybersecurity preparedness. The scope of the HHS study was limited to activities that protect access to patient care and safety and reduce the negative impact of cyber threats on clinical operations. Breaches of sensitive data were considered only if the breach had a direct…

4 min read

Zombie APIs are a Top Security Concern as API Attacks Surge 400%

4 min read - Organizations of all sizes rely on application programming interfaces (APIs). The API explosion has been driven by several factors, including cloud computing, demand for mobile/web applications, microservices architecture and the API economy as a business model. APIs enable developers to access data remotely, integrate with other services, build modular applications and monetize their data/services. For enterprises that participated in a recent research study, the average number of APIs per organization was 15,564. Large enterprises (over 10,000 employees) had an average…

4 min read

Google’s Bug Bounty Hits $12 Million: What About the Risks?

4 min read - Bug bounty numbers have never been better. In 2022, Google rewarded the efforts of over 700 researchers from 68 different countries who helped improve the security of the company’s products and services. The total amount of awards grew from $8.7 million paid in 2021 to $12 million in 2022, a nearly 38% increase. Over the past few years, bug bounty programs have gained significant traction. Companies have been lured in by the potential to identify vulnerabilities quickly, enhance product security…

4 min read

Swiss Army Knife Malware Slices Through Systems In so Many Ways

4 min read - What if one single malware strain could cut through any security that tried to stop it? In a new study of more than 550,000 live malware strains, the Picus Red Report 2023 has unveiled a trove of over 5 million malicious activities. In the report, researchers identified the top tactics utilized by cyber criminals in 2022. Picus' findings also highlighted the growing prevalence of "Swiss Army knife malware". This type of malicious software is capable of executing a range of…

4 min read