Show us an I.T. executive who is not concerned about a ransomware attack, and we’ll show you someone who believes the world is flat. In fact, a June 13 article published by CIO.com put cybersecurity No. 3 on the list of 10 biggest issues facing I.T. today.

And for good reason, as the cost of a ransomware attack continues to rise. In June, PaloAlto Networks – a leading ransomware mediation company – reported that the average ransomware payment worked by its consultants rose to $925,162 during the first five months of 2022, an increase of 71% from 2021. Even worse, that cost doesn’t include the expenses associated with downtime, reputational harm, and other damages.

“Those costs are staggering when you consider the trajectory of their growth,” wrote Ryan Olson. “The average ransom payment in cases worked by our consultants in 2020 was about $300,000. It’s hard to believe that the majority of transactions seen by our incident responders were $500 or less in 2016.”

Is it Only Money that Attackers are After?

For ransomware attackers, it comes down to this: Your money or your data. However, it’s not always as simple as that. What kind of data are attackers really after? Does the industry you’re in make a difference? A June 16 report released by Rapid7 shed some light on these questions. Using 161 unique data disclosures between April 2020 and February 2022, Rapid7 identified some alarming trends, including the most common types of data disclosed by attackers in some of the most highly affected industries, and how leaked data differs by threat actor group and target industry.

  • In the healthcare, pharmaceutical, and financial services industries, financial data was the most leaked at 63%, followed by patient and customer data at 48%.
  • In ransomware incidents associated with Conti cyberthreat actors, financial data was leaked 81% of the time, while the Cl0p ransomware gang released financial information only 30% of the time, but also leaked employee information 70% of the time.
  • Around 82% of financial services data disclosures were related to customer information, and 50% of leaked data included internal company financial data.
  • In the pharma and healthcare sectors, 71% of leaked data was related to internal financial information.
  • In the pharma sector, 43% of all data disclosures included intellectual property.

So What?

Why are the above data points important? Because it shows that ransomware attackers are targeting organizations that that must endure the additional pressure of regulatory and legal repercussions.

That’s not all. Healthcare and financial data include detailed patient and client information that enables cybercriminals to perpetuate other kinds of fraud, including identity theft. Pharma data includes proprietary information that, if exposed, could have severe financial and operational repercussions.

In short, the healthcare, pharmaceutical, and financial services industries are not being targeted by happenstance. They are being targeted because cybercriminals can extort the maximum payout in the shortest amount of time with the least amount of resistance.

This is worrisome, and it’s only going to get worse before it gets better.