2020 Predictions for Ransomware

This is our first annual roundup of expert predictions for the coming year. Here’s what leading industry figures have to say about ransomware trends coming in 2020.


  • Ransomware continues to be easy cash for hackers, recently reaching an average payout of $41,000 USD. Given ransomware’s proven track record, it’s time for hackers to take it to new markets. Critical infrastructure is a prime target: while most ransomware isn’t built to target this type of infrastructure, it can still be used in those environments, and shutting down a power grid is certainly going to yield a significantly higher than average payout – not to mention it could lay the foundation of distrust in the government’s ability to protect its citizens. Critical infrastructure is due for another significant breach anyway, making 2020 the perfect opportunity to introduce ransomware into this space. – James Carder, CSO and Vice President of LogRhythm Labs


  • Ransomware attacks on cities and governments will continue to grow. A number of successful ransomware attacks targeting large organizations, critical infrastructure, branches of government and cities were conducted in 2019. These coordinated cyberattacks can cripple victims completely, shutting down core services and rendering operations useless. We’ll likely see organizations not prepared for such attacks continue to pay out ransoms in order to avoid downtime and loss of data. Unfortunately, these successful pay-outs show hackers that ransomware can be quickly profitable (and relatively easy to pull off), which will cause ransomware attacks to grow in 2020 as cybercriminals continue to evolve their techniques and coordination strategies. – Karl Sigler, Threat Intelligence Manager, Trustwave SpiderLabs


  • Ransomware will continue to be extremely successful in 2020, especially across healthcare and state & local industries. For the first time we may unfortunately see an attack that results in death(s) due to critical and timely information being unavailable for a patient in an ICU. The reason for ransomware and other malware being so easily able to inflict damage is our continued reliance on security tools that chase badness (rather than ensuring good). As is well known, it is impossible to detect all badness with a high degree of confidence by relying on the enumeration of badness approach. – Nir Gaist, Founder and CTO of Nyotron


  • Ransomware attacks on businesses and governments will continue at a more rapid pace, due to newly formed vulnerabilities. Overall, we are probably going to see some of the 43,000+ vulnerabilities discovered over the last two years show up in future Exploit Kit offerings. – Malwarebytes Labs


  • Ransomware will continue to be the growth driver in cyber-crime. The reason is simple: it’s the shortest distance between investment and revenue for its perpetrators. Unlike identity theft, crypto-currency theft, or bank fraud, ransomware is a fast, cheap, and effective method of extracting fees from victims. But ransomware too is showing signs of maturity. The rate of appearance of new ransomware families fell by half in 2019(1). The reason for this is that the families that did appear were more sophisticated, harder to prevent, and contained better distribution mechanisms. – Srinivas Mukkamala, CEO of RiskSense


  • At the same time, the average ransomware demands have increased rapidly to $36,000 in the second quarter of 2019(2). But this number really understates the risk as perpetrators have adopted a more sophisticated pricing model which charges larger organizations much higher ransoms to unlock their data. Riviera Beach, FL, for example, had to pay $600,000 to unlock the city records encrypted by a ransomware gang while Korean hosting company Nayana paid $1m to unlock 3,400 hosted websites(3). – Srinivas Mukkamala, CEO of RiskSense


  • Refusing to pay can cost even more, as Norwegian aluminum maker Norsk Hydro learned when they spent $58m in the first half of 2019 to remediate the ransomware attack they experienced in March. The company’s Q1 profit also fell 82% due to production downtime caused by the attack(4). The implications for security professionals of these trends are clear. The time has come to move from a strictly defensive posture vis-à-vis ransomware to a more offensive strategy focused on finding and fixing vulnerabilities that can be exploited by ransomware. – Srinivas Mukkamala, CEO of RiskSense