Since each ransom attack varies so much, it is tough to answer what exactly the typical ransomware payment is. It is also difficult to pinpoint the exact number of ransomware gangs that are active, but it is certainly a large amount. Most are spread out from Ukraine to Russia, but others are in North Korea, China, Iran and elsewhere. The trend is evident – most are in places where US law enforcement cannot reach them. Additionally, their governments either turn a blind eye or fund their operations.
Making matters more difficult, all the different cyber gangs in various countries use a variety of tools. Some they develop on their own, some they license as a Software as a Service – if you can believe that. They all have varying levels of ambition or viciousness, although all the them have one goal in common: to create for you the maximum pain and suffering they can provide.
So how much are “typical” ransoms? A brief history lesson on ransomware will answer that question, as there is a very clear trend.
In the early years of ransomware, even a $200M per year company would only get a ransom of $300-600. The ransomware threat actors did not know if they hit your grandmother’s PC or a large company. However, by 2018, they seemed to figure out how big the victim was and they priced accordingly. Typical ransoms for a company that size grew to $50-80k. Ransoms continued to rise, and by January 2020, even a company doing only $20M annually could expect a $50-100k ransom. Then came the COVID-19 lockdowns and the work-from-home mandates. Internal and external IT staff were ordered to hastily deploy WFH solutions. Not much regard was typically given for security which created an explosion in ransom opportunities for the crooks. By May of 2020, a $50-100k ransom tripled to $200-300k. Unfortunately, the next few months did not get better, and by September 2020, we were seeing $1-2M plus ransoms. Last month, we saw our first $20M ransom.
According to Coveware, a company that collects data on ransomware, ransom payments are continuing to rise (see Ransomware will likely get worse in 2021: report). As of third quarter 2020, the average ransom has grown 31% to $233,817. This number is smaller than most of the ransoms Alvaka sees, as we work with mostly mid-size firms and smaller companies pull this average down. The typical ransom we are now seeing is $500,000 to $2,000,000. And that is expected to continue to rise.
Pricing methodologies of the threat actors varies, too. We have seen pricing that appeared to be based on the number of servers, others on the number of files, some on the total amount of storage affected and more. Some are combinations of the above, or perhaps custom set when they hit a larger entity with an online presence or a high level of pain when shut down.
If you are here because you are a current victim of ransomware, you should get professional guidance immediately. Often, it is good to resist the urge to quickly communicate with the ransomers. Often doing so starts a timer that gives you just a few days to pay the ransom, or it doubles, triples, or worse; in a few cases, they threaten to essentially start deleting a bit of your data at intervals so that getting it all back will not be possible. Even one gang, from one month to the next, can seem to have radically different pricing for what appears to be similar victim profiles.