As recently as three years ago, businesses whose data was being held hostage by ransomware attackers could expect to pay upwards of $10 million to retrieve their files unencrypted, enabling them to get back to doing business.
Last week, PulseTake, the Chicago medical pre-planner, was able to get its data back for $150 worth of fast food gift cards – just one example of the ransomeware deals available to US businesses today.
“In 2020, there were only one or two thousand players in the ransomware game,” says Lenore Tomlin of the Simmings Institute, “Today there are upwards of 50 thousand and they’re tripping over each other trying to make a living.” As a result, she says, many companies are enjoying tremendous savings when it comes time to reclaim their files.
“Last year we assumed we’d be attacked multiple times so we budgeted $750 million in ransom expense,” says Nora Walls, PulseTake’s Chief Strategy Disseminator. “So far we’ve had eight attacks, but we’ve paid out only $1650 – a pretty good shot to the bottom line.”
Things will only get tougher for the ransomware business, says Tomlin, unless the players are willing to diversify
Attacker Charles Walsh of Baltimore was thinking of getting out of the business altogether after his income dropped from $20 million in 2017 to $4500 in 2022 – half of which was in oil change certificates.
“Then I discovered hepberry scones,” he says, “which involves combining the fruit and the scones to a level never before imagined.” He started making and selling the pastry by mail in January, and predicts the profits he’ll earn from them will surpass his ransomware earnings by 2026.
