While cybercrime is just the latest incarnation of theft in the digital age, a new article in Dark Reading offered a new estimate by Internet Society’s Online Trust Alliance says that the total financial impact of cybercrime exceeded $45 billion in 2018.

It’s so successful that on May 31, 2019, the creators of the GandCrab ransomware announced they were shutting down their Ransomware-as-a-Service (RaaS) operation. While that sounds like great news for the good guys, they claim that they were earning $2.5 million a week and $150 million a year. They also claimed that their ransomware earned over $2 billion in ransom payments since it was introduced in January, 2018. While these numbers cannot be independently verified, the authors claim to have essentially laundered that money and are now retiring.

Ransomware made headline news in 2017 with the well-known WannaCry ransomware attack. Using an exploit in Microsoft Windows, the files on the infected computer were encrypted, and a decryption key was then made available for the end user to purchase using the cryptocurrency. The attack was contained, but not without a cost. There were 327 payments totaling over $130 million dollars.

While quick thinking was able to find a “kill switch” and help to mitigate additional infections, the potential damage came to light. Europol estimated that up to 200,000 computers in 150 countries were impacted, including up to 70,000 devices of the National Health Service (NHS) in England and Scotland. Impacted devices included computers, MRI scanners and blood storage refrigerators. In addition, non-critical patients needed to be turned away as the attack was underway. While the attack was contained, it is easy to envision the potential for death or destruction.

While a direct impact is felt to infected enterprises, there is a second group that is directly impacted by these attacks. The City of Baltimore, Maryland, was hit with a ransomware attack that began on May 7, 2019. Two months later some of the city’s systems were still unavailable. Citizens were unable to pay their taxes or their water bills. City employees resorted to using personal email accounts. Home buyers and sellers had to wait for the city to implement manual processes for home sales. While hackers demanded a ransom of about $76,000 in bitcoin, the projected financial impact from the attack is estimated to have cost the city $18.2 million and that amount is expected to grow.

While ransomware has faded a bit from the headlines, it still is a persistent threat to enterprises. Over a quarter of UK firms have suffered a ransomware attack over the past year, a major increase on figures from 2016. Ransomware is a threat – and one that enterprises need to be on the constant lookout for.