The Threat of Ransomware to Businesses

Article by • August 3, 2022

Explore More

The Threat of Ransomware to Businesses

Almost every business needs modern technology to stay competitive in their industry. This can even include housing proprietary company information and procedures on cloud platforms. Despite the business advantages digital transformation offers, it also opens up new risks you need to effectively manage. One risk that needs to be managed is the threat of a ransomware attack.

A Ransomware Attack is a type of malware assault in which the attacker seizes the user’s data, folders, or entire computer until a “ransom” price gets paid. This article will discuss what makes ransomware deadly to a business’s infrastructure.

How a Ransomware Attack Works

Most attackers use typical phishing emails to launch ransomware attacks. These emails allow the infected file to access the victim’s computer if the victim downloads a file from the email. In most circumstances, attackers use PDF, DOC, XLS, or other common file types to hide the ransomware.

The ransomware code takes over the victim’s system as soon as a file with malicious code is downloaded on the victim’s device. Ransomware can also remain dormant on a device until a user interacts with the file carrying the code. Depending on the computer’s settings, ransomware may proceed to attack files, folders, or the entire system.

The Risks Businesses Face from Ransomware Attacks

Ransomware attacks come with several dangers, including the potential loss of access to crucial files and delays in key corporate operations. Many businesses experience extended periods without access to important files, costing thousands or even millions of dollars in lost productivity.

In addition to the delays in company operations, companies need to pay ransom to cybercriminals. However, even after paying the demanded sum, the vast majority never recoup all of their data. Additionally, afflicted organizations still need to revamp the cybersecurity measures they take after a ransomware event.

To make matters worse, malware attacks on a company’s data also wreak havoc on its public image. As one might expect, customers and business partners will have less faith in a company if it fails to protect its data.

How Much Do Ransomware Attacks Cost?

SamSam ransomware alone earned $1 million in ransom money in the first quarter of 2018. For the most part, medical institutions and healthcare organizations are more susceptible to ransomware since they are more inclined to pay if their systems are in danger of infection. According to a Sophos report, 66% of healthcare organizations experienced a ransomware attack in 2021.

In 2017, ransomware attacks on financial institutions infiltrated 90% of the sector, according to industry estimates. Comparing Q4 2018 to Q4 2019, the average ransomware demand rose to $84,116. 

Although some industries are more likely to be attacked, ransomware attacks can impact any business.

Furthermore, 2021 was a crucial year for ransomware. Although most businesses decide not to reveal ransomware payments, some victims have done so. By doing this, they may highlight the threat of ransomware for up-and-coming business owners while assisting law enforcement and cybersecurity researchers in combating it.

Real-World Examples of Ransomware Attacks

While businesses continue to become more aware of ransomware attacks, they still regularly occur. Here are just a few of the countless real-world examples of ransomware attacks:


REvil is a group alleged to be behind several recent ransomware assaults. The group hit PC maker Acer with a $50 million ransomware demand in March 2021. The hackers turned down Acer’s offer to pay $10 million in return. In October 2021, a second hack on Acer’s servers in India occurred; this time, the Desorden Group was responsible for the data theft.


In May 2021, the top German chemical producer Brenntag paid a DarkSide RaaS attacker a $4.4 million ransom. The group’s North American servers were the target of the ransomware attack, and the hackers said they had taken over 150 GB of data. Despite denying having acquired the credentials, the attackers claimed to have accessed Brenntag’s systems through stolen credentials.

CNA Financial Group

In March 2021, CNA Financial Group, a Chicago-based insurer, paid a startling $40 million to ransomware hackers just two weeks after a significant data breach.

According to reports, the cybercriminals allegedly created Phoenix Locker ransomware. This ransomware reportedly got employed by the Russian cybercrime group Evil Corp. The FBI offered a $5 million reward in 2019 for information that resulted in the capture of the group’s suspected leader.


JBS is the largest beef supplier in the world, and they paid cybercrime group REvil an $11 million ransom following an attack in May 2021 that forced the closure of operations in the US and Australia. The payment, according to JBS, was given to guarantee that the stolen data would not be exposed, even though the company could repair most of its systems on its own.

Colonial Pipeline

The Colonial Pipeline is the largest refined oil pipeline system in the US, pumping a maximum capacity of up to 3 million barrels between New York and Texas daily. Thus, it is not surprising when it made headlines across the globe on May 7, 2021, when it was subject to a DarkSide RaaS attack.

Colonial Pipeline immediately decided to pay, but not before fuel shortages in the Southeast US increased and hours-long lines started to form at petrol stations. A month later, the US Department of Justice declared that it had successfully recovered about $2.3 million of the ransom.

Threat of ransomware_ Colonial Pipeline


Security teams need to be more aware of the threats posed by ransomware as it continues to expand across industries as a threat every business needs to mitigate. Fortunately, you can effectively reduce your risks of falling victim to a ransomware attack by taking a comprehensive approach to cybersecurity.

Here at Pentest People, we created our Ransomware Defence Assessment, to actively mitigate the threats and risks of ransomware attacks against businesses.

The Threat of Ransomware Overview

Video Transcript

Hi, my name is Lewis and today I’m gonna be talking to you about ransomware.
First thing we’re going to cover is what actually is ransomware. Ransomware is a form of malware that attacks files, folders or even an entire system and usually comes through sophisticated phishing attacks. In most common circumstances the malware is hidden within files such as PDF, DOC xls, and other obvious file types.

The malware activates once the user clicks on the file that was in the phishing email. Once the malware is activated, as I said before, it will go for files, folders, and even entire system then the ransomware gang has all your files under lock and key and will likely ask for ransom to be paid before they release these. However, in many a case, you may pay a ransom and actually not receive your files. In actual fact, it was found that 35% of companies that paid the ransom did in fact not receive their files at all.

What is the actual damage to a business? Well, once a ransomware attack is active, you will see incredible downtime. Not only this, but the cost of a ransomware attack is around 3.4 million. And this is accumulation of both the downtime and the total cost to remediate. 65% of businesses have actually admitted that they have left loyal suppliers after finding out they’re a victim of ransomware.

One attack that you may have seen last year was DarkSide ransomware as a service play on the Colonial Pipeline. This attack was so huge, there was fuel shortages across the US, with the company paying over 10 million in ransom, and only being able to regain 2.3 million after the attack was finished. So it is now more critical than ever that businesses are taking the right steps to remediate issues within their own systems, infrastructure, and even human operation. It’s found that huge human error is one of the major faults in most businesses and leads to ransomware attacks that could cost your company millions.

The main takeaway from this video is that businesses need to be taking a comprehensive approach to cybersecurity. If you or your business is in need of any of our services. Feel free to get in touch today and start becoming more cyber secure.


Andrew is one of the co-founders of Pentest People. He is a veteran of the Cybersecurity industry with many years of experience in building and running Security focussed businesses.