cyber attack

New Data Shows Sharp Rise in Ransomware Attacks, Payments Demanded From Hackers

Ransomware attacks hit at least over 200,000 organizations last year, and the average ransom demanded rose dramatically at the end of 2019.

The ransomware crisis will get worse before it gets better, according to several experts interviewed by The New York Times in a report containing new data on the amount of businesses and public sector organizations hit by the malware.

While many businesses quietly pay ransoms and never report the attack to authorities, cybersecurity firm Emisoft collected data in 2019 showing the widespread nature of the attacks. Last year, 205,280 organizations submitted files that had been hacked in a ransomware attack, a 41 percent increase from 2018, according to the Times.

The average payment demanded by hackers to release files back to their owners rose to $84,116 in the last quarter of the year, according to data from Coveware. That number hiked up to $190,946 in December, when ransomware attackers were said to demand millions from larger corporations.

But even this devastating data cannot paint the full picture of ransomware attacks, as many corporations attempt to hide that they were the victims of ransomware due to fears that they will earn media attention and negatively affect investor confidence.

In addition, cyber-insurance providers -- many of whom help their clients pay the ransoms rather than attempt to recover the files through backups -- are raising insurance rates in the wake of higher demands and more frequent attacks. Businesses often do not report the incidents to the FBI, which tallied only 1,493 reports in 2018.

Steven Chabinsky, a lawyer and former deputy assistant director of the FBI’s cyber unit, told ProPublica that many businesses do not report because the FBI does not offer much assistance and can create another distraction in the middle of a crisis.

“Not that I’m saying corporate America is dishonest, but the last thing you want is a bunch of FBI agents crawling around your company,” Chabinsky added. “There is no benefit whatsoever of you reporting. There’s no incentive. And there’s clearly identifiable cost. It’s the cost, the disruption, the risk they talk to some employee and now you’re under investigation. There’s no upside.”

Security experts are also concerned about the rise in certain trends among attackers, including hackers releasing stolen files to the public in an effort to pressure or punish victims who have not paid the ransom. Federal authorities have struggled to address the attacks and their ramifications because the hackers largely operate outside of the U.S. using hard-to-track financial systems, most often Bitcoin.

In the meantime, one agency has taken action in an attempt to help businesses and organizations recover from the attacks. The National Institute of Standards and Technology released a set of free guidelines in January after it tested a variety of cybersecurity solutions in different IT environments to find out which methods were most effective in fighting ransomware.

Organizations can read the framework here and provide public comment on the report from now until Feb. 26.

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

  • New Research Reveals Global Video Surveillance Industry Perspectives on AI

    Axis Communications, the global industry leader in video surveillance, has released its latest research report, ‘The State of AI in Video Surveillance,’ which explores global industry perspectives on the use of AI in the security industry and beyond. The report reveals current attitudes on AI technologies thanks to in-depth interviews with AI experts from Axis’ global network and a comprehensive survey of more than 5,800 respondents, including distributors, channel partners, and end customers across 68 countries. The resulting insights cover AI integration and the opportunities and challenges that exist with regard to security, safety, business intelligence, and operational efficiency. Read Now

  • SIA Urges Tariff Relief for Security Industry Products

    Today, the Security Industry Association has sent a letter to U.S. Trade Representative Jamieson Greer and U.S. Secretary of Commerce Howard Lutnick requesting relief from tariffs for security industry products and asking that the Trump administration formulate a process that allows companies to apply for product-specific exemptions. The security industry is an important segment of the U.S. economy, contributing over $430 billion in total economic impact and supporting over 2.1 million jobs. Read Now

  • Report Shows Cybercriminals Continue Pivot to Stealthier Tactics

    IBM recently released the 2025 X-Force Threat Intelligence Index highlighting that cybercriminals continued to pivot to stealthier tactics, with lower-profile credential theft spiking, while ransomware attacks on enterprises declined. IBM X-Force observed an 84% increase in emails delivering infostealers in 2024 compared to the prior year, a method threat actors relied heavily on to scale identity attacks. Read Now

  • 2025 Security LeadHER Conference Program Announced

    ASIS International and the Security Industry Association (SIA) – the leading membership associations for the security industry – have announced details for the 2025 Security LeadHER conference, a special event dedicated to advancing, connecting and empowering women in the security profession. The third annual Security LeadHER conference will be held Monday, June 9 – Tuesday, June 10, 2025, at the Detroit Marriott Renaissance Center in Detroit, Michigan. This carefully crafted program represents a comprehensive professional development opportunity for women in security this year. To view the full lineup at this year’s event, please visit securityleadher.org. Read Now

    • Industry Events
  • Report: 82 Percent of Phishing Emails Used AI

    KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management, today launched its Phishing Threat Trend Report, detailing key trends, new data, and threat intelligence insights surrounding phishing threats targeting organizations at the start of 2025. Read Now

New Products

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions.

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles.

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.