Cybercrime becomes business as ransomware gangs seek more

At a time when consumers are spending less, companies are increasingly turning to the vast B2B market to increase their profits.

They are not alone. Criminals have also taken notice of the multi-trillion dollar B2B landscape.

A recent report shows that cybercriminals are increasingly targeting businesses rather than individuals through ransomware attacks, hoping to generate more profit.

Ransomware inflows rose to a record $459.8 million between early 2023 and mid-June 2024, with the median ransom payment in these attacks jumping from approximately $200,000 to $1.5 million. According to the report, this spike in the value of ransom payments suggests that cybercriminals are “prioritizing targeting larger enterprises and critical infrastructure providers who are more likely to pay high ransoms due to their deep pockets and systemic importance.”

Companies, particularly in sectors such as healthcare, finance and critical infrastructure, possess vast amounts of sensitive data. The loss or public exposure of this data can have catastrophic consequences, including regulatory fines, loss of customer confidence and operational shutdowns.

The increasing prevalence of sophisticated ransomware attacks is forcing businesses of all shapes and sizes to rethink their cybersecurity strategies.

Read more: New wave of major cyberattacks exposes key weaknesses in enterprise security

Why Businesses Are Targeted by Cybercriminals

One of the main reasons cybercriminals target businesses is the potential for higher ransoms. While individuals may be forced to pay a few hundred dollars to regain access to their personal files, businesses, especially larger enterprises, are often willing to pay tens or even hundreds of thousands of dollars to avoid the operational downtime and reputational damage that a ransomware attack can cause.

At the same time, ransomware gangs have evolved from small-time hackers into organized crime syndicates with sophisticated tools, strategies and business models.

These gangs have realized that modern businesses are often part of complex supply chains, with multiple partners and suppliers connected via digital networks. A successful ransomware attack on one company can have a cascading effect on its partners, suppliers and customers, increasing the damage and creating more pressure to pay the ransom. Cybercriminals are well aware of this interconnectedness and use it to their advantage, often targeting smaller, less secure suppliers to gain access to larger enterprises.

This happened in June, when the data breach at cloud storage and data warehousing provider Snowflake affected at least 165 customers, including AT&T, LendingTree subsidiary QuoteWizard, Advance Auto Parts, Ticketmaster, Santander Bank and others.

According to reports, the same hackers demanded ransoms ranging from $300,000 to $5 million from the hacked companies.

Read more: Dissecting the Criminal Mind: Why They Target Corporate Data

Defending against the ransomware threat

The rise of Ransomware-as-a-Service (RaaS) has democratized cybercrime, allowing even those with limited technical skills to launch ransomware attacks. In this model, skilled developers create and maintain ransomware strains, which they then rent out to less experienced criminals.

Developers take a cut of the ransom payments, creating a profitable and scalable business model. This has led to an explosion in ransomware attacks, as more criminals can now participate in this lucrative market.

“If you feel like you know everything about security, you don’t,” Ron Green, cybersecurity fellow and former chief security officer at Mastercard, told PYMNTS for the series “What’s Next in Payments: Protecting the Perimeter.”

During the same conversation, Green explained that one of the common challenges many organizations face internally is the perception that security measures slow down business processes. The reality, he argued, is that when security is built in from the start, it increases agility.

Investing in threat intelligence and monitoring can help businesses detect ransomware attacks before they cause significant damage. Advanced threat detection tools can identify suspicious activity, such as unusual network traffic or unauthorized access attempts, allowing security teams to respond quickly.

“You’re only as safe as your weakest link,” Chris Wyatt, Chief Strategy Officer at Finexio, told PYMNTS. The key, Wyatt said, is to have a comprehensive contingency plan, one that includes not just technical solutions but also well-documented procedures for dealing with incidents once they occur.

And with the latest PYMNTS Intelligence in “How the World Does Digital” highlighting that the world is becoming increasingly interconnected and interdependent, it is becoming increasingly important for businesses to maintain secure cyber hygiene and reduce critical attack surfaces.