Ransomware Is Growing Three Times Faster Than the Spending Meant to Stop It

CoastalCoder

It seems obvious to me that the only real solution is to penalize the payment of ransoms. For the same reasons one doesn't negotiate with terrorists. Is there some reason to believe that this isn't the best approach? And if not, then any theories as to why it hasn't been enacted?

alopha

The idea that the spending needs to grow linearly with the growth is a damning indictment of the mindset of the vast ineffectual mess that is the cybersecurity industry.

_tk_

I think this article mostly shows that publicly announcing a successful ransoming of a company is now more popular than a couple years back.

CodeCompost

Thanks, Satoshi

shrubble

I don't think there is a reasonable correlation, since stopping ransomware doesn't require that much of an increase in spending; it's a culture thing more than a money thing.

everdrive

If ransomware spending must scale directly with ransomware attacks then I don't see how companies could possibly keep up with the spending. A lot of the "gaps" in cybersecurity are essentially spending problems. Companies want to spend as little on it as they can.

Frieren

Stopping Ransomware is trivial if governments knew where the money goes. But cryptocurrencies and lax capital control pushed by the uber-rich makes it impossible. The technology is there and it is used to track the average citizens every move. But when it comes to rich people then the money goes and comes without control (and without taxation). Cryptocurrencies are a great solution to enable criminal activity. Their only use and highly appreciated by terrorists, criminals and dictatorial governments around the world.

rbbydotdev

I wonder what kinds of market hypotheses you could derive from the game theory here

mystraline

Well, given that C levels see cybersecurity has a bad return on investment (read: insurance), Ive seen countless numbers of people laid off these jobs. So yeah, I'm surprised its only 3x, and not even more. A good abliterated local LLM is great at finding dumb exploits and writing ransomware code. And the cybersec professionals? Yeah, theyre pivoting elsewhere and gone.

ingohelpinger

The davos oracle https://youtube.com/shorts/Pqig_vIR4zI?si=G_JpJP90xqO0AQAd

rkozik1989

Wait until companies try powering their businesses with agentic systems. Then businesses aren't paying a ransom to prevent privacy law lawsuits, but rather they'll be paying a ransom equivalent to the black market value of their business.

wslh

There is a publication making a related point in the DeFi security context: as TVL rises, the incentive to attack rises too, and defenses do not (or cannot) automatically scale with it[1]. [1] https://web.archive.org/web/20240911103423/https://www.bittr...

addybojangles

Company culture, training, resources. Sure, that costs money - but there isn't a direct correlation between spend this to prevent that.

pxc

Companies spend a ton of money on very sophisticated, powerful, invasive, and expensive software to protect themselves against ransomware. But the best antidote to many forms of ransomware isn't security software at all— it's offline backups. Like so much in cybersecurity, an analysis by spending categories like this feels like vendors and their marketing teams driving the discourse. Even if we accept that dollars provide the right lens through which to look at this problem, companies that spend more on making sure they have good backups and good restore procedures aren't going to show up as spending more on cybersecurity in this kind of analysis.