Ransomware on track for highest-grossing year
Add Axios as your preferred source to
see more of our stories on Google.
Ransomware costs have ballooned for victims in 2024 as malicious hackers have targeted higher-value companies more likely to pay a large sum to unlock their systems.
Why it matters: As long as ransomware keeps paying, hackers will keep using this technique.
By the numbers: Chainalysis said in a report yesterday that it's detected what it believes is the largest ransomware payment ever — $75 million that went to the Dark Angels gang this year.
- That number is roughly double the highest payment of 2023, which was $37.8 million.
- The median ransom payment has also skyrocketed: In early 2023, it was $200,000. As of July, it was $1.5 million.
Driving the news: Late last month, cybersecurity company Zscaler indicated that a Fortune 50 company had made the $75 million payment.
- Earlier this year, UnitedHealth's Change Healthcare paid $22 million to unlock its systems after a debilitating ransomware attack — and also to keep hackers from publishing stolen information online.
The big picture: Ransomware gangs have been demanding larger payouts, while also targeting fewer high-profile victims, Chainalysis noted.
- The tactic — known in the industry as "big game hunting" — primarily leans on hackers targeting critical life services like a hospital or larger businesses that may be more likely to pay up to bring their services back online.
Between the lines: Ransomware has proven to be a difficult problem for law enforcement and government officials to squash.
- Despite law enforcement takedowns, new hacker groups keep cropping up.
- And breaking into companies is still relatively easy, with more hackers gaining access simply by stealing an employee's password.
