While enterprise security leaders find it difficult to provide return on investment, a standard ransomware campaign could earn an attacker a 1,425-percent ROI, according to a recent Trustwave report.

The report also examined how different types of financially motivated threat actors make money on cybercrime, distinguishing between targeted attacks and opportunistic attackers. Targeted attackers choose a specific set of targets, and then determine its vulnerabilities in order to compromise it. Opportunistic attackers learn about a vulnerability, and then look for vulnerable targets.