The goal of the hackers is not to destroy or permanently encrypt the data, but to secure fast payment of the ransom. That is the ransomware business model – quick cash. Historically, the amount of ransom demanded by the perpetrators has been relatively low in order to make its payment the logical choice for the victim; pay a nuisance sum and have access to one’s data restored quickly. In the early ransomware incidents of several years ago, the ransom was often as low as $100. According to the recent Crypto-Ransomware Survey of IT Experts performed by Researchscape International, the median amount of ransoms paid more recently is approximately $250, with one quarter of the ransoms paid amounting to $551 or more. Despite these still relatively modest ransom amounts, future demands will certainly seek even larger amounts of money, if for no other reason than simply because the hackers can get it. Indeed, the $17,000 ransom payment made in the Los Angeles hospital case demonstrates a significantly steeper price that companies are willing to pay for the return of access to their data.
Read more in Claims Journal.