Confidence Extremely Low in Battle Against Ransomware


July 25, 2023


A recent survey of IT and Security pros found that fully 93% of respondents felt the threat of ransomware attacks to their organizations had increased in 2023 – and rightly so, as the dip in the volume of attacks witnessed in the first half of 2022 was short-lived.

A recent report revealed that ransomware operators are approaching near-record profits in the first half of 2023, having extorted nearly a half-billion dollars from victim organizations.

The survey also found that two-thirds of respondents (67%) lacked confidence that their organizations could recover data and critical business processes in the event of a ransomware attack.  

Furthermore, nearly half of respondents (45%) acknowledged that their organization had been the victim of a ransomware attack in the prior six months – which should come as no surprise considering there are dozens of active ransomware gangs in operation today.  

Consider that just one of those groups, Cl0p, has compromised hundreds of organizations this year already, and is on track to hit about 400 victims in 2023 for an estimated $400 million in ransoms if the trend continues.

Takeaway:  Several studies put the average cost of remediating a ransomware attack for victim organizations in excess of $4.5 million, and this figure does not include the ransom payment, damage to brand, lost revenue from disruption to operations, increased cyber insurance premiums or other tangential costs.

Ransomware is one of the biggest threats to any organization, regardless of size or industry. The downstream impact from a large-scale ransomware event can have massive fiscal fallout and real-world repercussions.

The ransomware game is profitable – highly profitable. In fact, if you were to compare P&L sheets from the leading ransomware operations against leading security solution providers, you’d see ransomware gangs enjoy operating margins that would make almost any SaaS provider envious.

Ransomware operators are also better viewed as mature criminal business organizations with top-down hierarchical structures and diversified revenue streams.  

Why is ransomware so successful? The Ransomware-as-a-Service (RaaS) business model also includes many aspects that mirror those of legitimate Software-as-a-Service (SaaS) models, including:

  • Organized Like a SaaS Company: The RaaS model mirrors the SaaS model in that the providers offer subscription-based services and software – in this case ransomware and the associated attack infrastructure. RaaS operators invest in R&D and talent recruiting to stay competitive, offer customer support to reduce churn, and are intent on maintaining and growing their annual recurring revenue (ARR).
  • Efficient Marketing and Partner Programs: Like their SaaS counterparts, RaaS providers develop their brand and foster revenue growth through marketing. RaaS operators seek to offer competitive affiliate programs where they compete on the basis of platform performance and profit sharing with their affiliate partners, much like SaaS vendors.
  • Multiple Revenue Sharing Options: Established RaaS operators may offer several options, including one-time licensing for a flat fee, monthly subscriptions, or profit sharing where the RaaS provider takes a cut of the affiliate’s ransom take. Terms of Service can vary between RaaS operators, so the services included are key competitive factors.
  • High Revenue, Low COGS: Compared to their SaaS counterparts, RaaS operators typically have extremely low cost of goods sold (COGS) and a high operating margin, which means that they are very profitable from the outset. In contrast, most SaaS organizations have low or negative operating margins and a high COGS and can take several years or more to become profitable.

Ransomware is big business. The costs of recovering from a ransomware attack are passed on to consumers, to other businesses, to state and local governments, and so on. The financial impact of ransomware attacks is one we all bear, and it is going to become a significant drag on our economy.

Traditional security solutions, while robust and effective for some threats, have clearly failed to protect organizations against ransomware attacks. There is a huge gap in protection and ransomware operators are expertly exploiting it to the tune of hundreds of millions of dollars yearly.

The only way we can counter its growth as a major industry vertical is to disincentivize the attackers, and the only way to disincentivize them is to make ransomware attacks unprofitable. The only way to make them unprofitable is for organizations to be resilient in the face of this ongoing threat. is the industry’s first dedicated, adaptive security platform that combines multiple advanced proprietary prevention engines along with AI models focused specifically on stopping ransomware – talk to a Halcyon expert today to find out more.