Ransomware payments hit new records in 2021, finds study

The ransomware landscape will continue to evolve as threat actors leverage new techniques to halt business operations, finds Palo Alto Networks research

Ransomware payments hit new records in 2021 as cybercriminals increasingly turned to Dark Web "leak sites" where they pressured victims to pay up by threatening to release sensitive data, according to research released today from Unit 42 by Palo Alto Networks, the global cybersecurity leader.

The average ransom demand in cases worked by Unit 42 incident responders rose 144% in 2021 to US$2.2mn, while the average payment climbed 78% to $541,010, according to The 2022 Unit 42 Ransomware Threat Report

Ransomware attacks dominated the headlines around the world in 2021, and show no signs of slowing down. In fact, cybercriminals are doubling down by finding additional ways to extort victims in conjunction with ransomware. Double extortion first took off in 2020 with the rise of dark web leak sites that cybercriminals used to identify ransomware victims and threaten to leak sensitive corporate data. In 2021, ransomware gangs took these tactics to a new level, popularising multi-extortion techniques designed to heighten the cost and immediacy of the threat. 

The most affected industries were professional and legal services, construction, wholesale and retail, healthcare, and manufacturing.

Helping customers manage cyber risks

Palo Alto Networks, a global cybersecurity leader, provides visibility, trusted intelligence, automation, and flexibility that help complex organisations advance securely. Its mission is to be the cybersecurity partner of choice, protecting our digital way of life. 

Unit 42 brings together threat researchers with a team of incident responders and security consultants to create an intelligence-driven, response-ready organisation passionate about helping customers more proactively manage cyber risk. Unit 42 has expanded its scope to provide ‘state-of-the-art’ incident response and cyber risk management services.

Attackers are increasingly using anonymised services, which makes it more difficult for security researchers and law enforcement to track activities and identify indicators of compromise (IoCs) that can be used for network defences. 

Ransomware groups dominating the headlines

Recent headlines have been dominated by ransomware gangs such as Conti and REvil. These groups actively recruit affiliates (cybercriminals) to carry out their attacks. The Conti ransomware group was responsible for the most activity, accounting for more than 1 in 5 of cases worked by Unit 42 consultants in 2021. REvil, also known as Sodinokibi, was No. 2  at 7.1%, followed by Hello Kitty and Phobos (4.8% each). Conti also posted the names of 511 organisations on its Dark Web leak site, the most of any group.

The report describes how the cyber extortion ecosystem grew in 2021, with the emergence of 35 new ransomware gangs. It documents how criminal enterprises invested windfall profits into creating easy-to-use tools in attacks that increasingly leverage zero-day vulnerabilities.

The number of victims whose data was posted on leak sites rose 85% in 2021, to 2,566 organisations, according to Unit 42's analysis. 60% of leak site victims were in the Americas, followed by 31% for Europe, the Middle East and Africa, and then 9% in the Asia-Pacific region.

As these ransomware gangs and ransomware-as-a-service (RaaS) operators find new ways to remove technical barriers and up the ante, ransomware will continue to challenge organisations of all sizes in 2022. As a result, ransomware has become one of the top threats in cybersecurity and a focus area for Palo Alto Networks. 

Share

Featured Articles

Tech & AI LIVE: Key Events that are Vital for Cybersecurity

Connecting the world’s technology and AI leaders, Tech & AI LIVE returns in 2024, find out more on what’s to come in 2024

MWC Barcelona 2024: The Future is Connectivity

Discover the latest in global technology and connectivity at MWC Barcelona 2024, where industry giants converge to discuss 5G, AI and more industry trends

AI-Based Phishing Scams Are On The Rise This Valentine’s Day

Research from Egress Threat Intelligence, Avast, Cequence Security & KnowBe4 outlines how AI is being used in dating app phishing scams on Valentine’s Day

Speaker Lineup Announced for Tech Show London 2024

Technology & AI

Darktrace predicts AI deepfakes and cloud vulnerabilities

Cloud Security

Secure 2024: AI’s impact on cybersecurity with Integrity360

Technology & AI