Unit 42: Extortion payments hit new records

The average ransom payment in the first half of 2021 jumped to $570,000, up 82% from 2020, says Palo Alto Networks' Unit 42

Ransomware is one of the most damaging forms of cyberattack, resulting in huge financial losses for victimised organisations. A report released by Palo Alto Networks' threat intelligence team, Unit 42, looks at how and why ransomware prices have soared over the past year.

The report found that the average ransomware payment has climbed 82% since 2020 to a record $570,000 in the first half of 2021, as cybercriminals employed increasingly aggressive tactics to coerce organizations into paying larger ransoms. The increase comes after the average payment last year surged 171% to more than $312,000.

“We already knew it was getting worse from following the news, and many of us also knew from personal experience. Ransomware attacks have prevented us from accessing work computers, pushed up meat prices, led to gasoline shortages, shut down schools, delayed legal cases, prevented some of us from getting our cars inspected and caused some hospitals to turn away patients,” said Ramarcus Baylor, Senior Director at Unit 42; Jeremy Brown and John Martineau, Principal consultant at Unit 42, in a blog post.


The rise of ransomware prices 


One trend identified by Unit 42 consultants was the rise of “quadruple extortion”. Ransomware operators now commonly use as many as four techniques for pressuring victims into paying:

  1. Encryption: Victims pay to regain access to scrambled data and compromised computer systems that stop working because key files are encrypted.
  2. Data Theft: Hackers release sensitive information if a ransom is not paid. (This trend really took off in 2020.)
  3. Denial of Service (DoS): Ransomware gangs launch denial of service attacks that shut down a victim’s public websites.
  4. Harassment: Cybercriminals contact customers, business partners, employees and media to tell them the organisation was hacked.

Although it’s rare for one organisation to be the victim of all four techniques, this year Unit 42 have increasingly seen ransomware gangs engage in additional approaches when victims don’t pay up after encryption and data theft.

The 2021 Unit 42 Ransomware Threat Report, which covered 2020 trends, flagged double extortion as an emerging practice – and the latest observations show attackers again doubling the number of extortion techniques they use.

The highest ransom demand made of a single victim seen by Unit 42’s consultants rose to $50 million in the first half of 2021 from $30 million last year. The largest confirmed payment so far this year was the $11 million that JBS SA disclosed after a massive attack in June. Last year, the largest payment Unit 42 observed was $10 million.


The future of ransomware 


Unit 42 expects the ransomware crisis will continue to gain momentum over the coming months, as cybercrime groups further hone tactics for coercing victims into paying and also develop new approaches for making attacks more disruptive.

They also expect some gangs to continue to focus on the low end of the market, regularly targeting small businesses that lack resources to invest heavily in cybersecurity. So far this year, they have observed groups, including NetWalker, SunCrypt and Lockbit, demanding and taking in payments ranging from $10,000 to $50,000. While these may seem small compared to the largest ransoms observed, payments of that size can have a debilitating impact on a small organisation.


