- According to a new study by Coveware, cocaine trafficking in 1992 and ransomware in 2021 share similar profitability metrics; both activities carry +90 percent profit margins per unit. The major difference lies in the risk taken by the actors.
- In 1992, every two kilos of cocaine trafficked resulted in one person arrested. Every four kilos of cocaine trafficked resulted in one person killed.
- The survey sheds light on why cybercrimes are increasing and why ransomware cybercriminals launch direct attacks against businesses that indirectly impact individuals whose data becomes the hostage.
- To learn about recent data compromises, consumers and businesses should visit the Identity Theft Resource Center’s (ITRC) data breach tracking tool, notified.
- If you believe you are the victim of an identity crime, data breach or want to learn more ways to protect yourself from cyberattacks, contact the ITRC. Call toll-free at 888.400.5530 or live-chat on the company website www.idtheftcenter.org.
Say Hello to My Little Friend
Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for November 12, 2021. Our podcast is possible thanks to support from Experian. Each week, we look at the most recent events and trends related to data security and privacy. This week we explore a theoretical question: which would you rather be – a drug trafficker in 1992 or one of the ransomware operators in 2021. Don’t answer just yet because we are going to do the math.
Crime in the popular culture of the 1980s and early 1990s was fueled by the cocaine trade. Crockett & Tubbs were cops running around Miami in flashy clothes and flashier cars while Al Pacino’s Tony Montana uttered the memorable catchphrase that gives us the title of today’s episode – Say Hello to my little friend.
In Scarface, as in the real world, a life of crime seemed glamorous until the shooting started. Sure, there was lots of money, but there were also some pretty serious downside risks too.
Advantages & Disadvantages of Being Drug Dealers
Coveware, the cybersecurity company specializing in ransomware recovery, has done us all a favor and compared the relative advantages and disadvantages of being a drug dealer in the early 1990s – before the rise of cybercrime – or one of the ransomware operators today.
Let’s start with our friend Tony Montana, a purveyor of the refined coca leaf.
You’re the boss and you demand your team meet certain key performance indicators (KPIs) that you use to manage the business.
Your base unit of product is the kilogram of cocaine, and you generate $60,000 for each “key” sold. That key costs you $5,000 to produce and prepare for sale, including marketing and distribution costs. That leaves you with a cool $55,000 in net profit for a margin of 91 percent. Not too bad, considering you are dealing in a cash business with no taxes.
However, there are downside risks to your upside potential. There is a 50/50 chance you’re going to be arrested and sent to prison. There is a 25 percent chance you will be killed in a hail of gunfire or by ingesting your own product. The barrier to entry is also very high since you will likely have to kill someone or several someone’s to take the top spot in your illegal pharma empire.
Advantages & Disadvantages of Being Ransomware Operators
Now, let’s look at the current crime wave sweeping the world – ransomware. You and your hoodie-wearing clan have a base unit of measurement of an attack against a company. That company may hold the data of many different companies or individuals that you hold hostage unless a ransom is paid. A single attack generates an average of $140,000 in late 2021, according to Coveware. However, the raw material cost is only $2,500. Your net income before paying your pirate’s share to your crew is $137,500, or a positive margin of 98 percent.
Like our fictional drug dealer, there are downsides to being ransomware operators. However, unlike our cocaine peddling friend, you only face a one (1) in 8,000 chance of going to jail. Your one in four chance of dying from lead poisoning as a drug dealer goes to zero, and your barrier to entry is limited only by your technical skills and a conscience.
I ask again, which would you rather be – a rich drug pusher under constant threat of arrest and death, or one of the filthy rich ransomware operators who, with decent skills and a safe harbor outside the U.S., can have a long career free from any serious threat of jail or early demise.
Findings Illustrate Why Cybercrimes Are on the Rise
This discussion is not intended to make light of the very serious issue of ransomware. Instead, it is to explain why cybercrimes are increasing and why ransomware operators (cybercriminals) launch direct attacks against businesses that indirectly impact individuals whose data becomes the hostage. It’s easy to get in the business, you can make scads of money, and generally speaking, no one shoots at you.
Until we can find a way to disrupt this business model, Thomas Anderson – respectable citizen by day – the hacker Neo by night – will continue to be the role model for this generation of criminal kingpins.
Contact the ITRC
If you think you have been the victim of an identity crime or a data breach and you need help figuring out what to do next, you can speak with an expert advisor on the phone, chat live on the web or exchange emails during our normal business hours (Monday-Friday 6 a.m.-5 p.m. PST). Just visit www.idtheftcenter.org to get started.
Thanks again to Experian for supporting the ITRC and this podcast. Be sure to join us next week for our sister podcast, the Fraudian Slip, when we talk about protecting yourself from the latest retail fraud scams this holiday season with Julie Ferguson of the Retail Merchants Council and ITRC CEO Eva Velasquez. Be sure to join us next time for another episode of the Weekly Breach Breakdown.