By IT Brew Staff
less than 3 min read
Definition:
Perhaps the predominant hack tactic being used by threat actors today, ransomware involves deploying malware that can lock the victim out of their data or steal it outright. Then, the victim has a choice—pay the ransom or see their data sold to the highest bidder. At least, that’s the way it used to be. Now attackers don’t necessarily turn the information over without releasing it first; some threat actors take the money and still sell the data, a practice known as “double extortion.” It’s a sign of a changing threat landscape and more chaotic, anarchic criminal enterprises behind the attacks.
Crime is money
The proliferation of ransomware has led to an explosion in criminal innovation, with malware-as-a-service providers, shared source code and coworking across gangs, and more coordination. It’s important to see these gangs more as companies than as ragtag thieves. Often the organizations have customer support—they’re professionals and need to be taken seriously.
A report from Rapid7 found that in 2024, relentless attacks led to costs of up to $380 million in total, with a surmised median payoff of $200,000. That’s substantial harm to the bottom line. Alex Cox, director of threat intelligence at LastPass, told IT Brew in June 2024 that the financial benefits are clear.
The best offense
“The ransomware actors know that in the event that these companies don’t have the proper setup to deflect the ransomware attack—good backup, segregated network, good security training, that sort of thing—their only option is to pay the ransom or use their cyber insurance,” Cox said. “And that gets the bad guys a payday.”
Analysts have noticed the increase in attacks. Christiaan Beek, senior director of threat analytics at Rapid7, told IT Brew in February 2025 that 2024 was a bonanza for threat actors.
“I would say 2024 went full-on,” Beek said. “It was a year full of attacks, after attacks, after attacks.”
