First, the facts. Last November the world learned that IoT systems manufacturer Advantech had suffered a ransomware attack. Bleeping Computer traced the infection back to the Conti ransomware gang, which demanded 750 BTC from the computer manufacturing company for a decryption key and the deletion of stolen data from the attackers’ servers. At the exchange rates in effect when the attack was discovered (the figure would be higher now), that demand amounted to roughly $14 million.
Several days later, Conti’s handlers published about two percent of the victim’s stolen data on their data leak site. Advantech confirmed to Bleeping Computer that this information “was confidential but only contained low-value documents.” The company noted that it had recovered its attacked server, adding that it had also “carried out data preservation and system upgrades related to customer information security and operating systems.”
In the shadow of this attack, the question of just how long the golden goose of ransomware can continue to pay dividends is on everyone’s minds. How high can ransoms go and how much longer can the extortion continue to pay? The answer is, sadly, quite a bit higher and longer.
As with any business, pricing is hard to get right. The rules of pricing are simple and straightforward, practiced by marketers everywhere: owners need to charge in line with the solution as well as in line with the market, and they want to make a profit (obviously), leaving no money behind while keeping it simple. As it happens, these rules are as true for the dark side as they are for more legitimate traditional industries.
Aside from all the other lessons of 2020, we are seeing just what the ransomware market will bear for the cyber gangs. Conti’s evolution as a threat provides some insight as to why. The ransomware made news near the end of August 2020 when researchers learned that its operators had created a data leak site. Through this technique, ransomware actors can double-extort their victims: once for the decryption key and again for the assurance that the attackers no longer have a copy of their unencrypted data.
Source: https://www.forbes.com/sites/samcurry/2021/01/05/is-a-14m-pushing-the-ransomware-business-model-unfortunately-no/?&web_view=true&sh=6ca95b4630c3