The cost of ransomware attacks will go beyond 9000 in the next decade

June 10, 2021 by Lucian Mogosanu

The title is a shameless paraphrase of one random piece grabbed off the internets, which sounds something along the lines of:

A 2017 report from Cybersecurity Ventures predicted ransomware damages would cost the world $5 billion (USD) in 2017, up from $325 million in 2015 -- a 15X increase in just two years. The damages for 2018 were predicted to reach $8 billion, for 2019 the figure was $11.5 billion, and in 2021 it's $20 billion — which is 57X more than it was in 2015.

Despite authorities' recent success in busting several ransomware gangs, this particular breed of malware has proven to be a hydra -- cut off one head and several appear in its place -- and all signs are that the coming decade will be no less problematic.

Ransomware will cost its victims more around $265 billion (USD) annually by 2031, Cybersecurity Ventures predicts, with a new attack every 2 seconds as ransomware perpetrators progressively refine their malware payloads and related extortion activities. The dollar figure is based on 30 percent year-over-year growth in damage costs over the next 10 years.

That represents a significant acceleration from recent years, when scattershot ransomware was building momentum and extracting money from a largely unaware world.

There's more, of course, so bear with me for the following hand-picked examples:

and the icing on the cake:

By the time folks in the Shithole Republic from Nowhere, also known among Romanian speakers as "curu' pământului", i.e. literally, the butt-end of the world... anyway, by the time these guys start talking about spyware and other such technical wonders, one finally figures out that the shit's thick and everyone and their dog are going to start giving lectures on "ransomware", "cyber attacks", "security" and whatever other terms Pravda'll be throwing around for mass consumption in five, four, three, two... I mean what the hell, even Vice are providing a (no doubt, mostly Google-translated) somewhat-informative article on the matter, or at least on some matter, which we'll hopefully discern in these paragraphs.

Now for the analytic portion of our article, point by point:

Point numero uno: both your Brother and Eastasia are exploiting the very same infrastructure. There is no difference, technically speaking, between the FBI's attempt to read your iMessages and "the Russians'" attempt to control or disable some piece or another of critical infrastructure. Not only do they use the same software and hardware, but the government politruks were precisely as stupid as the average smartphone user when they threw their money at the "security" racket, on grounds of "standardized security practices", of course, of course. In other words, as far as security is concerned there is no difference between the Microsoft and "open source" (i.e. Google et al.) philosophies of making computer-based systems. They both support as much security as my left foot's pinky, which point was as clear as daylight as early as 2013.

Point numero dos: no one gives two shits about the fate of the average smartphone user. The overeducated governmental shitheads don't care, but they're frightened enough that they'll spend however much money "is needed" on "security updates", and when they run out of money they'd rather disable the damned computers altogether than let them wreak havoc. The "bad guys", on the other hand, don't particularly care about holding some broke rando's dick pics for ransom; they aim at a. gaining information before their adversary and b. controlling as much computing power as possible, which will at some point inevitably include the rando's smartphone.

By the way, one of the local pizzerias notified me yesterday of a security incident wherein their database was leaked... again! which exposed some of my "personal data" a second time, as if some dude is going to prank me by ordering hundreds of pizzas in my name. The bottom line is that you can cry all you like, no one can stop anyone from exposing your digital traces, so you'd better prepare for that starting... well, yesterday? That's still way too late.

Point numero tres: speaking of information, "security" is a deeply asymmetrical game. Best case, the "bad guys" stumble upon some vulnerability that was put in place by the NSA, in which case the latter will have enough time to roll out their mythical security updates and replace the vulnerability with some other hole. Worst case, the "bad guys" find out about the vulns first, and then it won't matter how many billions of dollars the NSA will throw at the problem. Now, if we think about how this asymmetrical game extends to unknown unknowns, the informational war suddenly gets much more interesting. Painful for the smartphone user, yet interesting nevertheless.

Point numero cuatro: there is no way to evaluate the costs of cyber attacks. First you were all "we don't negotiate with terrorists", then you paid however many billion dollars, then you gave away your daughter, and then... what? You tell me. In other words, computing is becoming more and more visibly expensive by the day and you're either smart enough to evaluate the costs, or otherwise you're better off without any sort of technology whatsoever. There's very little wiggle room between the two options, so tread carefully.

Point numero cinco: by the looks of it, the Westerners are playing a losing game, as their so verily flaunted intellectual property is proving to be worthless to everyone, while their intellectual flaws are so profitable to their adversaries. Or, to quote myself:

We are however not so keen to evaluate the ways in which AI will make our lives more miserable, or the ways in which we will make ourselves more miserable in order to fit the world views of AI. This too will be part of Westerners' undoing.


5 Responses to “The cost of ransomware attacks will go beyond 9000 in the next decade”

  1. #1:
    VV says:

    As long as "investors" are buying everything left and right [1], I don't see why the "market for violence" would be shielded from inflation.

    Ransomware operators with established reputation (long term, cryptographically-proven) will be tempted by that cheap capital "Yo, Thoma Bravo, ma men, we selling some contract, give us 500K now and you can get that juicy key for free when the time comes. Great investment, you can even resell it, price will riiiiise"


  2. #2:
    spyked says:

    O wow, that's quite a refreshing piece, thank you! For some reason it reminds me of the ol' sidewalk curb placing "businesses" in Bucharest, only now with New York subways. "They do things differently over in the West", he said -- no man, they do things in precisely the same brain-damaged manner, with the very same results and so on.


    They are panic hiring a security engineer in Romania.

    I went through their linkedin ad and noticed they didn't even bother to spellcheck it. Y'know, with all the woke bullshit in the US, no wonder they'd rather replace all their rockstar engineers with cheap labour from Eastern Europe.

  3. [...] get it wrong, either intentionally, through backdoors, or otherwise unintentionally through simple incompetence. On the other hand however, once working automation is deployed in the field, everyone will have to [...]

  4. [...] you folks'll rewrite systemd in Rust and all will be well, won't it? Well, thus far I'm unimpressed. Rust seems a definite step backwards, in terms of complexity if for no other [...]

  5. [...] is an excellent idea and pretty much what I've been doing, say, here or here among other places. The press is an easy target for this kind of deconstruction, starting [...]
