
Why Are So Many Financially Motivated Cyber Attacks Based on Ransomware?

Posted by Trevagh Stankard on Thu, Mar 18th, 2021

If you ever find yourself a victim of a ransomware cyberattack, you will quickly know about it. Some malware goes undetected for months. Some malware quietly sits, stealing login credentials and other data without the user even knowing it is happening. But ransomware is a flamboyant, ‘in-your-face’ kind of malware that ensures its victims are fully aware of its presence. Once infected with ransomware, files and documents across a network and the cloud are encrypted: a pop-up notice on the infected computers then demands a ransom.

In 2020, as well as a pandemic, businesses across the world had to deal with a tidal wave of malware, with 81% of all financially motivated cyber-attacks being based on ransomware.

5 Reasons Ransomware is so Successful

The report behind the finding that 81% of all financially motivated attacks use ransomware also found that the average ransomware payment increased by 178% in 2020. Ransomware is a lucrative option for cybercriminals looking for a financial payout. In 2020 in the U.S., 676 breaches used ransomware in an attack, an increase of 100% on 2019 figures.

Ransomware is an attractive malware type and one that looks set to continue to be used.

Here are 5 reasons why ransomware is so successful:

Reason 1: The Mechanism to Obtain Money is Perfected

The first ransomware attempt, back in 1989, required the victim to send a cheque for $189 to PC Cyborg Corp. at a post office box in Panama. The advent of cryptocurrency, which provides a means to hide money transfers, has given ransomware fraudsters the perfect way to obtain money without leaving a trail to find them.

Reason 2: Boosted by Cybercrime-as-a-Service

Fraudsters no longer need to be software programmers. Instead, they just rent ransomware in ‘Ransomware-as-a-Service’ (RaaS) packages. These pay-as-you-earn options, made available on the dark web, allow fraudsters to quickly spin up a ransomware campaign. The system works like an affiliate service, with the ransomware developer receiving a fee or a share of the proceeds.

Reason 3: Wide Choice of Targets

Ransomware fraudsters go after managed service providers (MSPs), with 4 in 5 MSPs being targeted. SMBs, too, are in the sights of the ransomware fraudsters, with 1 in 5 smaller firms being a victim of a ransomware attack.

Reason 4: Ransomware Payday

The average payment in Q3 2020 was $233,817.

Reason 5: Ransomware Evades Detection

Ransomware developers are using sophisticated techniques to ensure that the malicious code evades detection by legacy anti-malware tools. Trickbot is a recent example of fraudsters using new tools to avoid detection and removal: Trickbot malware is used to distribute ransomware, acting as a ‘loader’. A recent version update that uses a method of hiding behind legitimate email content has meant that automated scanning software cannot detect the malware. Ransomware developers are continuously using new methods of delivery, distribution, and execution that cleverly avoid detection by signature-based anti-malware solutions.

What Can an Organization do to Prevent Becoming one of the 81%?

Ransomware developers are highly innovative. Countering the threat of sophisticated ransomware (and other malware) campaigns requires similarly innovative thinking and smart anti-malware solutions. This requires a combination of threat mitigation measures, including:

  • Use a secure backup system. No backup system is 100% effective, but backups can be used to help reduce the impact of a ransomware attack. When choosing a ransomware-resistant backup system, use a system that can easily be moved offline and isolated to protect the data in the store. Also, use multiple backups using different storage areas.
  • Smart anti-malware solutions:
    • Protect against a variety of attacks that can harbor ransomware by deploying a cloud-based spam filtering solution. This includes phishing that utilizes embedded links and attachments.
    • Deploy layers of content filtering to prevent users from accessing malicious and spoof websites
  • Use anti-virus and anti-malware protection on endpoint devices and keep the software up-to-date
  • Keep all devices across the expanded network patched
  • Disable the remote desktop protocol (RDP) on any computers exposed to the Internet
  • Conduct user training in security awareness and phishing so that users can act as a line of defense


Ransomware will continue to haunt enterprises of all sizes across all sectors until the food that feeds it is removed. To this end, the FBI does not support the payment of ransoms. However, this is often easier said than done when key business operations are stalled because documents are inaccessible. Instead, prevention is better than any possible cure. By using a combination of secure backups and intelligent anti-malware solutions, even evolving ransomware threats can be mitigated.

Protect your organization from ransomware attacks this year with multi-layer security. SpamTitan and WebTitan’s advanced threat protection protects against ransomware attacks. Talk to a TitanHQ team member today and discover how we can help protect your organization.
