Randori named leader in Attack Surface Management in GigaOm ASM Radar Report

June 9, 2021

The Rising Cost Of Ransomware – 2021 Report

By: Keegan Henckel-Miller

Share on facebook
Share on twitter
Share on linkedin


Just under a month from the ransomware attack on Colonial Pipeline, which was compromised via a weak VPN password on its attack surface, and triggered gas and jet-fuel shortages and panic buying among U.S. consumers, another devastating ransomware attack hit the beef processing plant JBS. The processing company accounts for one-fifth of the daily U.S. cattle harvest, and the attack caused similar ripples — JBS facilities were forced into shutdown as the company got operations back online, and company executives speculated about the increasing costs of wholesale beef prices for consumers. The risk of ransomware to businesses is growing faster than ever — attacks have surged more than 700% and the malware has created a $20B a year industry

But before ransomware hockey-sticked into a booming industry for attackers and became a headline-making boogeyman, CISOs and participants of the dark web would tell you its growth was predictable. Randori recently conducted a survey of security decision makers at the one-year anniversary of the shift to remote work due to the pandemic, to understand how enterprise security programs responded to challenges of remote work, cloud migrations, and shadow IT. We discovered that ransomware struck nearly half of businesses within the past 24 months, and forced CISOs to agree that the threat should be considered a “cost of business.”  And, eight in ten acknowledge that ransomware is a symptom of a larger problem.


  • 50% of companies have experienced a ransomware breach in the last 2 years 
  • 74% of security leaders agree ransomware is a cost of doing business today
  • Nearly half (47%) of all ransomware attacks in the past two years were paid 


Faced with a growing onslaught of attacks, security teams are increasingly looking to adopt more proactive and innovative ways to reduce their operational risk from ransomware. After suffering a ransomware attack, 87% of decision makers changed their security strategy after getting hit with ransomware, with 40% increasing their spend. Companies shifted their strategy to increase focus on:

  • Prevention (51%)
  • Resiliency (48%)
  • Visibility (47%)
  • EDR & Disaster Recovery (46%)

With shadow IT and web-based exploitation accounting for a growing share of ransomware attacks and one third of all breaches, hardening and reducing an organization’s attack surface has become a must-do tactic, and our research shows that security leaders rank attack surface management (ASM) as one of the three things to do to reduce the risk for ransomware.


While operational shutdowns and high ransom payouts grab headlines, the cost to remediate, recover, and restore business operations, even if an attack is unsuccessful, can dramatically exceed the cost of the ransom itself. Enterprises have a strong economic incentive for teams to reduce the number of infections. 

4 Steps to Reduce Enterprise Ransomware Risk

  1. Know What’s Exposed: By the time an attacker is on your devices and thinking of holding you for ransom, it’s already too late. Ransomware attacks are painful and get a lot of attention but are simply the latest symptom in a deeper problem with security programs today — the inability to assess and proactively reduce risk. Based on initial reports, Colonial was able to proactively halt operations to prevent further damage but not without disrupting operations. If you want to prevent disruption from ransomware attacks, like the one against Colonial Pipeline, you have to cut them off at the source by hardening your external attack surface and curbing phishing.
  2. Harden Your Top Targets First: Know where attackers are most likely to strike first. Organizations often have tens of thousands of exposed assets on the internet, the key is to find the ones hackers will target first. Gartner suggests investing in an external ASM platform that specializes in providing the “attacker’s perspective,” like Randori. This will provide you with an external perspective of your business using the same advanced techniques threat actors use to identify your most tempting ransomware targets — helping you zero in on your greatest risks quickly.
  3. Test Your MDR and IR Capabilities: Your attack surface is always changing and ultimately a hacker will gain access. When this happens you need to know if your security program can contain the threat. Traditional penetration tests and newer breach and attack simulation (BAS) solutions focus on configuration testing and control validation. These solutions can be helpful at ensuring systems are set up as expected, but they provide little insight into your team’s ability to defend against threats in a real-world scenario. For those without an internal red team, invest in continuous and automated red teaming platforms, like Randori and enable your team to quickly test your defenses in an ongoing and authentic manner. Platforms like these enable you to build a scorecard of your managed detection and response (MDR) and incident response (IR) effectiveness that can be used to build the case for further investment or assess the effectiveness of previous investments and create valuable opportunities for your team to gain experience before a real incident occurs.
  4. Slow It Down — Create Redundancies and Backups: Build in layers of defenses and controls to act as redundancies.  Create a lot of hoops — a lot of individual failures — for an attacker to jump through to successfully pull off an attack. This includes having a backup, but be sure to not use your normal admin credentials to encrypt your backups, and make sure your admin accounts can’t delete or modify backups once they’ve been created. Your backup target should not be part of your domain.


Randori partnered with Market Cube, a third-party research company, to survey more than 400 security decision-makers nationwide to understand how the COVID-19 pandemic affected their security operations. Market Cube surveyed respondents in February 2021.


The Randori Platform was designed to think and act like the hacking groups executing ransomware attacks. Our attack platform identifies the targets hackers will attack first, exposing where and how attackers will strike your environment. Sign up now to get your free hacker assessment.

With this free assessment you will gain:

  • Instant visibility to your most exposed assets
  • A hacker’s assessment of where they’d strike first
  • Actionable insight to reduce your ransomware risk today

Get Your Free Hacker Assessment

Additional Resources

Gain an Attacker's Perspective

Uncover your true attack surface with the only ASM platform built by attackers. Stay one step ahead of cyber-criminals, hacktivists and nation-state attackers, by seeing your perimeter as they see it.