For a long time, software piracy was described as an economic or compliance problem: unpaid licenses, unfair competition, potential lawsuits. However, empirical evidence from recent years shows that this view is incomplete. The use of unauthorized software has become a direct risk factor for global cybersecurity and for the protection of sensitive population data.

Studies by The Software Alliance (BSA) together with IDC show that, globally, approximately 37% of the software installed on personal computers is unlicensed and that organizations face a one-in-three probability of encountering malware when obtaining or installing unauthorized software. The same report estimates that incidents associated with unlicensed software involve an aggregate cost close to $359 billion annually for companies worldwide.

BSA, 2018 Global Software Survey: Software Management: Security Imperative, Business Opportunity, available at: https://gss.bsa.org

Cracks, installers and malware: what the evidence shows

The central question is why an actor would go to the trouble of developing and distributing a crack to circumvent a high-cost technological protection system without obtaining a direct economic benefit. Forensic experience and academic studies point to a consistent answer: cracks and "free" installers are predominantly used as vehicles to spread malware.

A joint study by the National University of Singapore (NUS) and Microsoft, which analyzed copies of pirated software downloaded in various Asia-Pacific countries, found that 34% of pirated software packages downloaded included embedded malware that was activated upon completion of the download or when opening the folder containing the program.

More recent research deepens this relationship. A 2024 paper on software piracy in Southeast Asian countries collected 750 samples of pirated software obtained on disks, optical discs and online platforms, and concluded that a significant proportion of these samples contained hidden malware, confirming that unauthorized software constitutes a privileged vector for the distribution of malicious code.

In the field of applied cybersecurity, various industry reports describe how criminal groups use mass distribution platforms (for example, search results and YouTube videos that redirect to cloud repositories) to offer tampered installers and cracks. The goal is not simply to enable free use of a program, but to steal browser data and financial service credentials and to obtain persistent access to the compromised device.

Microsoft Asia, NUS study: Cybercriminals exploit pirated software to fuel malware infections in Asia Pacific (2017), available at: https://news.microsoft.com/apac/2017/06/21/nus-study-cybercriminals-exploit-pirated-software-fuel-malware-infections-asia-pacific/
Jiang, X. et al., Unveiling the Connection Between Malware and Pirated Software in Southeast Asian Countries: A Case Study, 2024, available at: https://www.ece.nus.edu.sg/stfpage/bsikdar/papers/ojcs_micro_24.pdf
Trend Micro, How Cracks and Installers Bring Malware to Your Device (2025), available at: https://www.trendmicro.com/en_us/research/25/a/how-cracks-and-installers-bring-malware-to-your-device.html
Trend Micro, Websites Hosting Cracks Spread Malware, Adware (2021), available at: https://www.trendmicro.com/en_us/research/21/c/websites-hosting-cracks-spread-malware-adware.html

From individual incident to systemic risk

From a risk management perspective, the problem does not end with the specific machine on which a pirated program is installed. That device is part of corporate networks: it connects to servers, exchanges files with third parties, and accesses VPNs and cloud systems. A single entry point (a crack downloaded from an untrusted site) can become the gateway to the entire infrastructure.

Europol's annual Internet Organised Crime Threat Assessment (IOCTA) reports consistently describe how ransomware and data exfiltration incidents rely on attack chains that exploit basic weaknesses: unpatched systems, weak passwords and, recurrently, unauthorized or tampered software that introduces the first malicious component into the network.

In parallel, FBI reports show that ransomware incidents are on the rise again. The 2023 Internet Crime Report recorded 2,825 ransomware complaints, an 18% increase from 2022, and reported losses that grew 74%, from $34.3 million to $59.6 million, in reported cases alone.

In this context, piracy ceases to be an internal compliance issue and becomes a systemic risk vector, capable of compromising suppliers, customers, public agencies and, ultimately, entire sectors of the economy.

Europol, Internet Organised Crime Threat Assessment (IOCTA), 2023–2025 editions, available at: https://www.europol.europa.eu/publication-events/main-reports/internet-organised-crime-threat-assessment-iocta
FBI, 2023 Internet Crime Report, Internet Crime Complaint Center (IC3), available at: https://www.ic3.gov/Media/PDF/AnnualReport/2023_IC3Report.pdf

Critical sectors and sensitive population data

The connection between piracy and cybersecurity becomes particularly sensitive in sectors that handle data with high social impact. Three examples are illustrative: healthcare, justice and law enforcement, and finance and formal economy.

a) Healthcare

Various sources agree that the healthcare sector has become one of the main targets of ransomware attacks and data breaches. Statistics consolidated from reports to the Office for Civil Rights (OCR) of the Department of Health and Human Services (HHS) show that in 2023, 725 healthcare data breaches of 500 or more records were reported, exposing more than 133 million medical records.

A recent study published in JAMA Network Open documents that the number of patient records affected by data breaches in the United States went from 6 million in 2010 to 170 million in 2024, with a very marked growth in incidents associated with hacking and ransomware.

To this we can add specific high-impact incidents. In 2024, the Ascension health system in the United States suffered a ransomware attack that affected approximately 5.6 million patients, forced ambulances to be diverted and forced a temporary return to paper records, with a direct impact on continuity of care.

In these types of organizations, the presence of unauthorized or cracked software introduces a level of risk incompatible with the nature of the data handled (medical records, laboratory results, insurance information) and with the continuity of health services.

HIPAA Journal, Healthcare Data Breach Statistics (updated 2025), available at: https://www.hipaajournal.com/healthcare-data-breach-statistics/
Jiang, J.X. et al., Ransomware Attacks and Data Breaches in US Health Care, 2010–2024, JAMA Network Open, 2025, available at: https://pmc.ncbi.nlm.nih.gov/articles/PMC12079295/
HIPAA Journal, Ascension Ransomware Attack Affects 5.6 Million Patients (2024), available at: https://www.hipaajournal.com/ascension-cyberattack-2024/

b) Justice and law enforcement

The judicial and law enforcement ecosystem also faces a sustained increase in attacks. In the United States, various state and local court systems have suffered ransomware incidents that interrupted hearings, affected access to case files and exposed sensitive information. In 2023, for example, the BlackCat/ALPHV group claimed responsibility for an attack on the northwest Florida court system, saying it had extracted several terabytes of data, including network maps and service credentials.

In 2025, a large-scale intrusion against the federal judicial case management system (CM/ECF and PACER) was also made public, with indications of access to sealed and highly sensitive documents and a subsequent comprehensive review of the judiciary's cybersecurity measures.

In this context, the use of unauthorized software in administrative departments, security agencies or judicial offices is not a minor issue, but a vulnerability that can facilitate access to criminal databases, ongoing investigations or internal security protocols.

CSO Online, BlackCat claims it stole 4TB of data in cyberattack on Florida courts (2023), available at: https://www.csoonline.com/article/573851/blackcat-claims-it-stole-4tb-of-data-in-cyberattack-on-florida-courts.html
Cyberscoop, Federal judicial courts cyberattack compromised highly sensitive sealed documents (2025), available at: https://cyberscoop.com/u-s-courts-cyberattack-sealed-documents/

c) Finance and formal economy

The financial sector has been a recurrent target of attacks. According to Boston Consulting Group data, in 2023 cyberattacks on financial institutions worldwide increased by 30% compared to the previous year. These incidents range from theft of credentials and customer data to disruption of online banking platforms and payment systems.

In this context, the use of unlicensed software in any department of a financial organization—accounting, legal, human resources, IT—constitutes a latent threat that can compromise access to core banking systems, transaction records or client portfolios.

Boston Consulting Group, Financial Institutions Cyberattacks Jump 30% in 2023 (2024), available at: https://www.bcg.com/press/15january2024-cyberattacks-financial-institutions-2023

Protecting the population: a public responsibility

The proliferation of malware through pirated software is not limited to organizations. A significant proportion of households and small businesses use non-genuine software, exposing themselves—often without being aware—to credential theft, identity fraud and unauthorized access to their online banking, email and social media accounts.

From a public policy perspective, this situation requires an integrated approach that combines awareness, regulation and enforcement. The goal is not only to protect copyright or ensure compliance with commercial licenses, but to protect the population's information security and the stability of critical infrastructures.

Conclusion

Empirical evidence collected over the last decade shows that software piracy and cybersecurity are two sides of the same problem. Cracks and unauthorized installers have become privileged vectors for malware distribution, and their use in critical sectors (health, justice, finance) poses a systemic risk that transcends individual incidents.

Protecting the population and critical infrastructures requires understanding that software piracy is not an isolated administrative issue, but an open door to some of the most serious threats facing contemporary digital society. Only through a comprehensive approach—combining technical awareness, appropriate regulation and effective enforcement—will it be possible to close this vulnerability and ensure a safer digital environment for citizens, companies and public institutions.