In periods of softening consumer spend, businesses are increasingly turning to the vast B2B marketplace to boost their bottom-line.
They aren’t alone. Criminals have taken notice of the multi-trillion-dollar B2B landscape, too.
A recent report shows that cyber criminals are increasingly targeting businesses, not individuals, with ransomware attacks in the hopes of capturing a bigger payday.
Between early 2023 and mid-June 2024, ransomware inflows rose to a record-breaking $459.8 million, with the median ransom payment in these attacks leaping from about $200,000 to $1.5 million. Per the report, this spike in the value of ransom payments suggests that cybercriminals are “prioritizing targeting larger businesses and critical infrastructure providers that may be more likely to pay high ransoms due to their deep pockets and systemic importance.”
Businesses, particularly in sectors like healthcare, finance and critical infrastructure, possess vast amounts of sensitive data. The loss or public exposure of this data could have catastrophic consequences, including regulatory fines, loss of customer trust and operational shutdowns.
The growing prevalence of sophisticated ransomware attacks is forcing enterprises of all shapes and sizes to rethink their cybersecurity strategies.
Read more: Fresh Wave of Major Cyberattacks Exposes Key Enterprise Security Weaknesses
One of the primary reasons cybercriminals are targeting businesses is the potential for larger ransoms. While individuals might be coerced into paying a few hundred dollars to regain access to their personal files, businesses, especially larger enterprises, are often willing to pay tens or even hundreds of thousands of dollars to avoid the operational downtime and reputational damage that a ransomware attack can cause.
At the same time, ransomware gangs have evolved from small-time hackers into organized crime syndicates with sophisticated tools, strategies and business models.
These gangs have realized that modern businesses are often part of intricate supply chains, with multiple partners and vendors interconnected through digital networks. A successful ransomware attack on one company can have a cascading effect on its partners, suppliers and customers, amplifying the damage and creating more pressure to pay the ransom. Cybercriminals are acutely aware of this interconnectedness and use it to their advantage, often targeting smaller, less-secure vendors to gain access to larger enterprises.
This is what happened in June, with the data breach on cloud storage and data warehousing vendor Snowflake impacting at least 165 customers including AT&T, LendingTree subsidiary QuoteWizard, Advance Auto Parts, Ticketmaster, Santander Bank and others.
Those same hackers were reportedly demanding ransom payments ranging from $300,000 to $5 million from the breached companies.
Read more: Dissecting the Criminal Mind: Why They Target Company Data
The rise of Ransomware-as-a-Service (RaaS) has democratized cybercrime, allowing even those with limited technical skills to launch ransomware attacks. In this model, skilled developers create and maintain ransomware strains, which they then lease out to less-experienced criminals.
The developers take a cut of the ransom payments, creating a profitable and scalable business model. This has led to an explosion in the number of ransomware attacks, as more criminals can now participate in this lucrative market.
“If you feel like you know everything in security, you don’t,” Ron Green, cybersecurity fellow and former chief security officer at Mastercard, told PYMNTS for the series “What’s Next in Payments: Protecting the Perimeter.”
During the same conversation, Green explained that one of the common challenges many organizations face internally is the perception that security measures slow down business processes. The reality, he argued, is that when security is integrated from the beginning, it enhances agility.
Investing in threat intelligence and monitoring can help businesses detect ransomware attacks before they cause significant damage. Advanced threat detection tools can identify suspicious activity, such as unusual network traffic or unauthorized access attempts, allowing security teams to respond quickly.
“You’re only as secure as your weakest link,” Chris Wyatt, chief strategy officer at Finexio, told PYMNTS. The key, Wyatt said, is to have a comprehensive contingency plan in place, one that includes not just technical solutions but also well-documented procedures for dealing with incidents as they arise.
And with the latest PYMNTS Intelligence in “How the World Does Digital” underscoring that the world is growing more interconnected and dependent, maintaining safe cyber hygiene and shrinking critical attack surfaces is becoming more important for businesses.