Ransomware is malign software that encrypts or exfiltrates data from a compromised system and demands payment for its return. In 2025 ransomware was at the heart of 44% of breaches, up from 10% in 2021, according to Verizon. Manufacturers and retailers are favourite targets, possibly because hackers think their thin margins give them an incentive to pay up fast.
Ransomware attacks were barely known before bitcoin enabled anonymous payments over the internet. Cryptolocker, created in 2013, is widely considered the first modern ransomware. It charged up to ten bitcoin (then merely around $2,000) to restore access to a victim's files.
On the dark web, small criminal groups can buy advanced services from specialised ransomware suppliers. Artificial intelligence makes it easier to stage a big attack, for instance by churning out masses of phishing emails, meaning novices can wreak havoc. Ciaran Martin, the former head of Britain's National Cyber Security Centre, contrasts "thieves"—who sneakily lift data and demand money—with "thugs", who break into systems noisily and demand payment to avoid further damage. Thugs have learned how to maximise extortion and are becoming more common.
Companies typically have ever more weak spots. They connect more devices to their networks, a trend accelerated by remote working, and outsource more functions, including IT. An in-house helpdesk may raise the alarm if 80 consecutive callers try to blag a password reset; the scam is less likely to be spotted if each call goes to a different call-centre worker.
Last year ransomware brought hackers less than $1bn, according to Chainalysis. But the cost to victims far exceeds the ransom: business must be put on hold while networks are re-secured, connected computers must be wiped, and credentials reset. At one firm, screens displaying meeting-room bookings had to be ripped out lest they harbour a re-infection. The British government underwrote a £1.5bn loan to Jaguar Land Rover alone after a 2025 hack strangled its supply chain.
Gartner, a research firm, expects corporate spending on cyber-security to rise to $207bn in 2025, from $165bn in 2023, faster than IT spending overall. A survey by IBM shows that firms using a lot of AI can spot and contain a breach 30% faster than those not using the technology. More human fixes are also being used, such as phishing-awareness training; after the attack on Marks & Spencer, some companies began insisting that staff with high levels of clearance have their passwords reset in person.
As long as criminals focus attacks on firms in the West, countries such as China and Russia, in which many hacking gangs are based, see little need to crack down. Some American states already forbid public bodies from making ransom payments; Britain is planning something similar. Police generally advise against paying.
Munich Re says that in 2024 global premiums for cybercrime insurance amounted to $15bn, a tiny sliver of the insurance market, but a sum expected to double by 2030. A policy often comes with other help, such as an instant-response team or cheaper security software. Take-up is low: roughly one in ten small- to medium-sized businesses have a policy, against around six in ten big firms. Larger firms are beginning to require suppliers to get insured.