Since around the beginning of 2020, businesses have been on high alert for ransomware attacks for good reason. The frequency and cost associated with a ransomware attack has been on the rise. 2021 has already set 2 records for the highest amount ever paid in ransom. CNA paid $40 million only to be passed not long after by computer manufacturer Acer who paid $50 million! There is no clear answer as to why these attacks are increasing, but here are some contributing factors.


You saw this coming, but COVID-19 has certainly played a big role in the increase in ransomware attacks. The increase in attacks lines up almost perfectly with the World Health Organization declaring an emergency. Here are some general reasons COVID-19 has played such a role.

Work from Home and BYOD

It’s a lot easier to spread ransomware if there is no IT staff to keep an eye on employees’ devices or supply those devices at all for that matter. Ransomware spreads easiest when it infiltrates a company via email or RDP exploitation. Meaning that when companies use RDP for remote desktops and servers or employees are not properly trained to spot malicious emails, they can spread ransomware through the company network. BYOD in particular has led to sloppy policies for accessing critical company data and apps such as not using a VPN.

Rapid Business Re-alignment

Businesses that needed to transition rapidly to remote work and communication including their workforce, supply chain, and business communications with clients and partners needed to handle a lot all at once. This makes it easy for cybercriminals to take advantage of increased stress, lack of routine, and oversight.

Supply Chain

Not often discussed in relation to ransomware, but COVID-19 has rocked the global supply chain. This means that it’s critical for businesses to supply what they can right now and disruption like a ransomware attack can be fatal or severely hamper a business during a fragile supply chain.

Businesses are Paying

The bedrock of why businesses are experiencing more frequent and expensive ransomware attacks is simply that businesses are willing to pay the ransom. And although government agencies like the FBI have actively encouraged NOT to pay the ransom, businesses where the owner and employees’ livelihood is on the table simply see no other option.

Some businesses like insurance, healthcare organizations, logistics will often agree to a ransom payment because they have sensitive IP, personal information, etc that can dramatically damage their business should it be released.

It’s why in 2021 2 records were set for ransom payments. CNA paid $40 million then Acer followed up by paying $50 million. Bad actors have also gotten smarter about ransomware, making sure to get sensitive data they threaten to share publicly if the ransom isn’t paid rather than simply locking it down. So if you are a PC manufacturer like Acer with a mountain of intellectual property, you’ve assessed the value of that IP to likely be over $50 million and so you are willing to pay the ransom.

Cyber Insurance Sets a Bounty

So many businesses are getting cyber insurance these days that premiums rose by 22% in 2020, and are set to increase as the market grows and attacks become more costly.

Cyber insurance is an insurance policy that is designed to protect businesses from the risks associated with cyber-attacks, data breaches, and ransomware attacks. But it can have the negative effect of tipping off attackers on how much a business is covered for. So let’s say a business is covered for $200,000 in the event of an attack. The business will likely have far less of a problem paying the $200,000 for a ransom if it is paid by someone else and therefore they don’t use all tools to either negotiate it down or not pay.

Businesses may also become more sloppy with cyber security because if they are covered they aren’t as worried about an attack. This can lead to easier targets and create an open season for ransomware attackers.

Ransomware as a Service (RaaS)

Ransomware as a service is a service that provides ransomware software and resources to cybercriminals. With RaaS, attackers are able to rent the malware from an author or creator’s website (typically found on the dark web) for use in their attacks on computer systems.

Ransomware as a service is often used by low-skilled individuals who do not have the knowledge required to develop these types of viruses themselves.

The process does require some level of skill but it’s far easier than writing original code and allows people without much technical expertise to gain access to this type of malicious program. Most importantly, it reduces the time and money needed to carry out an attack, two things that previously required a ransomware attack to be a highly coordinated operation. All a hacker needs to do now is go to the dark web, pay for and download some ransomware, and plan a semi-coordinated phishing or RDP attack in order to infiltrate your business.

Ransomware as a service has dramatically increased the number of attacks and new ransomware available. Rather than a criminal syndicate like DarkSide using custom ransomware for themselves exclusively, new ransomware is being developed for the purpose of selling on a marketplace.


There are numerous reasons that ransomware attacks are increasing in frequency and these are only some of the biggest reasons. What’s most important is that your business takes the necessary precautions to protect itself from a ransomware attack.

It’s important to mention that prevention is the best way to combat a ransomware attack. The reason is that just because you submit a ransom payment, it doesn’t mean you will receive the decryption keys as promised. Nor does it mean you are impervious to later attacks (quite the opposite actually).

For tips on how to protect yourself, you can read our blog article on ransomware protection. It contains useful tips for how your business can protect itself during this period of stress and remote work.

Zebra Ransomware Stopper Offers Protection

Zebra Ransomware Stopper offers businesses a last line of defense should ransomware compromise your systems.

How? Zebra Ransomware Stopper deploys honey pot files that when triggered, stop a ransomware attack from further encrypting a system. This can save your valuable data and save you the hours, or even days it would take to bring your data back up to date from a backup.

Learn more about how Zebra Ransomware Stopper helps even after an attack penetrates all your other cyber security software.