In 2019, experts predicted that one business will fall prey to ransomware every 14 seconds. By 2021, that span will shrink further to 11 seconds. The global ransomware damage costs are expected to escalate to up to $20 billion by then.
The good news is that technology is shifting at a rapid pace. Systems are getting more sophisticated. But, the bad news is that so are ransomware attacks. As the underlying technology gets more complex, we are facing newer cybersecurity challenges that need more time and skill to both prevent and cure.

The Goosebumps-inducing Ransomware Attacks of 2019
The ransomware landscape remained lively throughout 2019 as hackers continued to see value in targeting public bodies, governments, and enterprises.
Multinational manufacturers, as well as U.S. city and county governments, used up at least $176 million in 2019 toward costs pertaining to ransomware attacks. This includes the cost of investigating an attack, restoring backups, rebuilding networks, paying the ransom, and putting preventative measures in place to avoid similar occurrences in the future.
Let’s review the top ransomware attacks that plagued enterprises and governments last year:
- Texas Towns coordinated attack – A coordinated ransomware attack hit 22 towns in Texas on Aug 16, using the REvil ransomware (Sodinokibi). The municipalities were locked out of their IT systems after hackers breached the software of a third-party service provider that remotely managed their IT infrastructure. The hackers demanded a ransom of $2.5 million, but nobody paid (“Don’t Mess with Texas”) as the towns transitioned from assessment to recovery, incurring at least $12 million, including costs to the county governments, educational institutions, and cities and towns.
- Baltimore ransomware attack – Several critical functions for Baltimore were encrypted on May 7 when its computer systems were affected by a ransomware strain known as RobbinHood. The damage crept to online payment services for water bills, the city employees’ email and voice mail systems, property taxes and traffic citations, real estate transactions, and more. The hackers quoted a ransom of $76,000 in exchange for the decryption key. The city refused and restored the data and systems on its own, incurring $18.2 million in recovery efforts, forensic analysis, detection, new hardware and software, and new systems deployment.
- Norsk Hydro ransomware attack – The Norway-based aluminum provider suffered from a large ransomware attack with complex side effects from March to the summer: production issues, etc. Costs of recovery and mitigation were between $60 and $71 millions. Attackers used the weapon LockerGoga which was also used against many important business targets like Altran in late January.
- Demant ransomware attack – The Danish hearing aid manufacturer Demant faced an incident that prompted the company to shut down its internal IT infrastructure, as the impact spanned from the company’s Polish production and distribution facilities through its Mexican production sites and ERP system. The recovery and mitigation costs amounted to a gigantic $80 million or more.
According to Statista, spam and phishing emails are a leading cause of ransomware infections, followed by a lack of cybersecurity training and weak passwords or access management.
At TEHTRIS, we recorded a parallel increase of hackers using remote security vulnerabilities to get targeted illegal access without human interaction, beyond the phishing operations, so that it could be converted into ransomware options (from days to weeks depending on the situation of the attackers): related blog entry.
Moreover, some of these offensive hackers are now extending these damaging effects with data theft options so that they can disclose them on the Internet in case the victims would refuse to pay.
2019 saw both spray-and-pray attacks as well as targeted ransomware attacks.
What are targeted ransomware attacks and why they’re growing
As cybersecurity science becomes more mature with deep learning and synchronized automatic protections, besides other advancements, it is steadily becoming capable of disrupting the commodity ‘spray and pray’ business of malware infections.
This is forcing cybercriminals to now launch targeted ransomware attacks that rake in millions of dollars. Targeted ransomware is the hard part for cybercriminals as targeted ransomware can’t be bought on the dark web. Attackers need to get their hands on the keyboard and indulge in a little DIY. Sometimes they can use parts available through Ransomware as a Service. But we switch from an automatic blind attack to fine jewelry with manual actions in order to bigger make bigger ransom demands.
Instead of relying on automation and generic ransomware programs, highly skilled hackers now research government bodies and enterprises, find targets, break into their computers, escalate privileges, disable poorly protected security tools, prepare to encrypt or safely remove backups, and wait for the right moment to launch a massive internal ransomware infection thanks to lateral movements.
Since these cybercriminals spend so much time and effort into the process, they reap high rewards and demand a hefty ransom. Criminals enjoy massive paydays with successful targeted ransomware attacks (as much as $50,000 per attack), and so these threats are here to stay!
Why cyber insurance is becoming one of the possible ways for businesses to keep their money and reputation intact
It’s nearly impossible for an organization to prevent itself from occurring on a targeted attacker’s list. Unless they get off the internet completely, and still it’s not certain.
But, there are a few things organizations can do to mitigate the risk:
- Harden (for real) and Check all your operating systems – For example, Antivirus (EPP