Fear inflation: why hackers raised prices by 33% (and what your backups have to do with it)

Imagine you decided to teach a local extortionist a lesson and stopped giving him pocket money. It would be logical to expect him to go look for other work, right? In the world of cybercrime, everything works the exact opposite. Over the past year, hackers' income from a single successful attack has jumped by a third. While the cybersecurity industry celebrates a small victory — companies really have started refusing extortionists more often — the criminals themselves simply revised their price list and survival strategy in the new realities.

Previously, the strategy was simple: make money through volume. Mass mailings, cheap ransomware, small sums that it was easier for businesses to pay than to spend a week recovering servers. But times have changed. Companies acquired decent backups, hired specialists, and, most importantly, began following regulators' recommendations not to sponsor crime. It seemed the market should shrink. But hackers turned out to be decent economists. To compensate for the falling number of successful attacks, they simply raised the average payment for those who still fall into their nets.

This 33% increase is not a random figure and not just dollar inflation. It's an indicator of how much more professional the groups have become. Now they don't just cast a virus net — they conduct deep reconnaissance. Before encrypting data, hackers study the victim company's financial reports, check their insurance, and assess how much the company could lose per day of downtime. When they present the bill, they know exactly: this sum is painful, but manageable. And since people are paying less often, each payer now covers for three who refused, maintaining the profitability of this dubious business.

We can't forget about the double extortion tactic that has become an industry standard. Previously, you simply lost access to your files. Today, that's not enough. Hackers first steal confidential data, then encrypt it. If you have backups and proudly refuse to pay for the decryption key, you face a second ultimatum. Either you pay, or your clients' data, financial reports, and personal correspondence end up in public access. This hits where it hurts most — reputation and legal liability. It's for this expanded service package that hackers add those very percentages to the ransom price.

It's interesting how artificial intelligence fits into this scheme. If previously preparing a quality attack on a large corporation took weeks of manual labor, now language models help write phishing emails that are almost impossible to distinguish from real colleague messages, and find vulnerabilities in code on the fly. Criminals' costs are falling while their demands grow. This creates a dangerous gap: defending yourself becomes more expensive, and the price of even the slightest mistake skyrockets. The irony is that automation has made hackers more efficient resource managers.

The situation with cyber insurance also adds fuel to the fire. Insurance companies, seeing such appetites from malefactors, either raise premiums sky-high or impose such strict requirements for IT infrastructure that it's harder to meet them than to build a digital fortress from scratch. We're entering a phase where cyberspace is becoming a zone of high inflation of risks. The era when you could buy yourself out cheaply is officially over. If your business caught the attention of a modern group, they won't settle for a couple of bitcoins as a tip. They came for a significant chunk of your budget.

The bottom line: Hackers have moved from mass robbery to elite extortion. If fewer companies are paying, then those who do surrender now sponsor the entire banquet for three who refused. Will the industry be able to finally break this business model through a complete ban on payments at the state level?