- Average ransomware payment climbed 82% since 2020 to a record $570,000 in the first half of 2021.
- Average ransom demand increased by 518% in the first half of this year to $5.3m.
- The highest ransom demand of a single victim seen by Unit 42 rose to $50m in the first half of 2021 from $30m last year.
- Cybercrime groups are expected to hone tactics for coercing victims into paying and also develop new approaches for making attacks more disruptive.
Ransomware operators are getting greedy and are increasingly leveraging four approaches to persuade victims to pay – encryption, data theft, DDoS and harassment.
That’s a big shift from last year where ransomware operators were conducting double extortion – encryption and data theft/leak.
Ramarcus Baylor, senior director at Unit 42, said that the rise of “quadruple extortion” is one disturbing trend identified as they handled dozens of ransomware cases in the first half of 2021.
“We already knew it was getting worse from following the news, and many of us also knew from personal experience. Ransomware attacks have prevented us from accessing work computers, pushed up meat prices, led to gasoline shortages, shut down schools, delayed legal cases, prevented some of us from getting our cars inspected and caused some hospitals to turn away patients,” he said.
Unit 42, the threat intelligence team of Palo Alto Networks, said that the average ransomware payment climbed 82 per cent since 2020 to a record $570,000 in the first half of 2021, as cybercriminals employed increasingly aggressive tactics to coerce organisations into paying larger ransoms.
Cybercriminals have implemented devious new cyber extortion techniques as average ransom demand increased by 518 per cent in the first half of this year to $5.3 million.
Compared to the first half of 2020, the average ransom demand stood at $847,000.
The world changed with pandemic and ransomware operators took advantage to prey on organisations.
The increase comes after the average payment last year surged 171 per cent to more than $312,000.
Moreover, the highest ransom paid by an organisation doubled from 2019 to 2020, from $5 million to $10 million.
From 2015 to 2019, the highest ransomware demand was $15 million. In 2020, the highest ransomware demand grew to $30 million.
JBS’ payment is highest this year
“Ransomware operators now commonly use as many as four techniques for pressuring victims into paying,” Baylor said.
Jeremy Brown, Principal Consultant at Unit 42, said that while it’s rare for one organisation to be the victim of all four techniques, this year they have increasingly seen ransomware gangs engage in additional approaches when victims don’t pay up after encryption and data theft.
The highest ransom demand of a single victim seen by Unit 42 rose to $50 million in the first half of 2021 from $30 million last year.
The largest confirmed payment, so far this year, was the $11 million that JBS SA disclosed after a massive attack in June. Last year, the largest payment observed was $10 million.
Small businesses still on radar
John Martineau, Principal Consultant at Unit 42, said that they expect the ransomware crisis to continue to gain momentum over the coming months, as cybercrime groups further hone tactics for coercing victims into paying and also develop new approaches for making attacks more disruptive.
“We’ve started to see ransomware gangs encrypt a type of software known as a hypervisor, which can corrupt multiple virtual instances running on a single server. We expect to see increased targeting of hypervisors and other managed infrastructure software in the coming months.
“We also expect to see more targeting of managed service providers and their customers in the wake of the attack that leveraged Kaseya remote management software, which was used to distribute ransomware to clients of managed service providers (MSPs),” he said.
Baylor expects to see some gangs continue to target small businesses that lack resources to invest heavily in cybersecurity.
So far this year, groups such as NetWalker, SunCrypt and Lockbit are demanding and taking in payments ranging from $10,000 to $50,000.
“While they may seem small compared to the largest ransoms we observed, payments that size can have a debilitating impact on a small organization,” Baylor said.
Some of the world’s most prolific ransomware gangs:
- Mespinoza
- REvil
- Prometheus
- Conti
- DarkSide
- Clop
Related posts:
- Cybercriminals to have weaponised OT environments to successfully harm or kill humans by 2025
- Access brokers on the rise in cybercrime market
- Lasting impact of cybersecurity in 2020 elevates importance of CISOs