How Economic Headwinds Influence the Ransomware Ecosystem
March 17, 2025 – Published on Dark Reading
The financial strain caused by ransomware attacks is well-documented.
Outside of the ransom demands themselves — which can now total tens of millions of dollars at the highest level — remediation and downtime costs can be even costlier. For example, eight months after cloud computing vendor Rackspace suffered a ransomware attack in December 2022, a filing with the Securities and Exchange Commission revealed the company spent more than $10 million on “costs to investigate and remediate, legal and other professional services, and supplemental staff resources that were deployed to provide support to customers.”
Independent of ransomware, economic factors have caused significant hardship to individuals and organizations since the beginning of the COVID-19 pandemic. The global inflation rate spiked from 1.9% to 8.7% between the third quarters of 2020 and 2022, according to data from the Council on Foreign Relations. And although US inflation has declined from its heights in June 2022, it is still substantially higher than the months preceding the start of the pandemic.
Moreover, the global economy has had to contend with rising food and energy prices, volatile business conditions, and an emerging trade war instigated by US leadership. These broader elements compound the basic hardship of a ransomware attack, putting immense strain on victims responding to an attack.
“We found that economic uncertainty and economic headwinds breed more threat actors,” says Grayson North, principal threat intelligence consultant at security consultancy GuidePoint Security and also a ransomware negotiator.
“Consider those that maybe don’t have another opportunity to make this kind of money. Maybe the allure of criminal enterprises is more attractive. We have long had all kinds of theories about the question of just how many ransomware actors are ex-cyber security individuals. Like somebody that works for a company in America, they work ransomware incidents. Maybe they get laid off and they’re sitting there, and they know they could print money using some of these skills. The only thing stopping them is legality.”
Read More HERE.