Why is ransomware still so pervasive? -Low-cost of entry It's difficult to catch the bad guys -Lower skillset is enough

Security & GRCThreat Intelligence & Incident Response
901 viewscircle icon3 Upvotescircle icon3 Comments
Sort by:
Senior Information Security Manager in Software4 years ago

Ransomware is still so pervasive for the same reason grand theft auto, Medicare fraud, etc., is so pervasive – it is very profitable, and the odds of being caught are slim.  And that makes a dangerous combination for victims.

Lightbulb on2
Director of IT in Software4 years ago

The cybersecurity awareness and readiness/skills have improved, but so have the attacks and exploitation vectors.

Ransomware has been very lucrative for attackers. Hacktivists and script kiddies have transformed into full-blown criminal organizations with the skills, and the attacks are more and more sophisticated. You have groups that create and rent ransomware tools to criminals, so everything is on the next level now.

On the other side, more and more organizations have cybersecurity insurance. If they get hit, they opt to pay as it is being seen as a cost, i.e. for some, it's cheaper to pay out the ransom than invest in a cybersecurity program, which is more attractive if you only pay the deductible.
I am against paying the ransom because it encourages the bad actors to make more attacks, and I think it should be illegal to pay the ransom.

If no one is paying, we will see less interest in executing it, and the bad actors will move to a different activity.

Lightbulb on1 circle icon1 Reply
no title4 years ago

Thanks, great insights Ajet. <br><br>Relative to your last point, I think that&#39;s really the why isn&#39;t it. From a threat actor&#39;s standpoint, this activity still has the following attributes. Low cost of entry, difficulty to be caught and punished, overall skillsets are fairly low. 

Lightbulb on1

Content you might like

With AI adoption accelerating across enterprises, what do you view as the top information security challenge that leaders should address? How can CISOs, VPs and Director’s align governance, risk and security investments to enable AI innovation without creating new exposures?

Read More Comments

If two RFP bids are neck-to-neck on core requirements, which factor becomes the ultimate tie-breaker?

Proven outcomes – Documented success stories and measurable KPIs36%

Implementation confidence – Detailed plan, risk mitigation, and resource readiness47%

Total cost – Clear TCO, price protections, and exit terms39%

Innovation & future readiness – Ability to scale, adapt, and support emerging needs13%

Vendor relationship strength – Cultural fit, governance model, and executive commitment13%

View Results

Which tech conference do you intend to attend in person next year or have already participated in this year, and what motivated your choice?

Read More Comments

Has anyone drafted an SOW for a cloud-based SIEM with setup, migration, and maintenance? I’m working on a FedRAMP-authorized SIEM SOW, migrating from on-prem Splunk, covering data, searches, alerts, dashboards, and models.  Scope includes Environment Setup:  Cloud provisioning, configuration, testing. Connectors/Parsers: Custom data source integration. Content Development: Rules, use cases, threat feeds. Performance Tuning: Query/index optimization. Runbooks: Operational procedures. Also required: 24x7 support, maintenance, lifecycle and application management, role-based training, and documentation.  Must comply with NIST SP 800-53, CJIS, and FedRAMP Moderate+. Goal: Secure, scalable SIEM for rapid deployment. I may be missing elements, so suggestions are welcome. Please share redacted SOWs or tips if possible.

How likely is an organization to have misconfigured multi-factor authentication (MFA) settings?

Very likely6%

Likely42%

Somewhat likely22%

Somewhat unlikely14%

Unlikely11%

Very unlikely2%

Unsure

View Results