Ransomware Demands And Payments Reach An All-time High

The average ransom payment in the first half of 2021 reached a record $570,000, an 82% increase from 2020, according to Palo Alto Networks’ Unit 42. 

A report by the threat team of Palo Alto Networks, Unit 42, focuses on how and why ransomware prices have soared in the past year.

The average actual ransom payment reviewed by Unit 42 in the first half of 20201 was $5.3 million, a whopping 518% increase over the 2020 average of $847,000. The highest demand that was seen in the same period was $50 million, up from $30 million in 2020.

The highest confirmed payment so far in 2021 was the $11 million that meat processing company JBS Foods was able to pay after an attack by REvil, surpassing the highest payment of $10 million received by Unit 42 in 2020.

Why have ransom demands skyrocketed exponentially? One trigger cited by Unit 42 is the quadruple extortion tactic.

• Encryption: In this phase, the companies concerned pay the attackers to decrypt the encrypted data of their breached computer systems.
• Release of the data: At this stage, the attackers threaten to make the sensitive data public if the ransom is not paid. The organization is forced to pay the ransom, even if it has backups of the encrypted files.
• Denial of service attacks: In this scenario, the attackers launch denial of service attacks to shut down the public websites of a victim until the ransom is paid.
• Harassment: At this stage, the cybercriminals contact customers, business partners, employees and the news media to warn them of the attack, causing the victim severe embarrassment.

As ransom demands and payments continue to rise, Unit 42 recommends that organizations focus on preventing such attacks.

“Keeping your organization safe from falling victim to a ransomware attack requires a fundamental shift away from detection and remediation toward preparation and prevention,” said John Martineau, principal consultant for Unit 42. “This means reducing the attack surface, such as closing the remote desktop protocol (RDP) to the internet and instead using a virtual private network (VPN) with multi-factor authentication (MFA) enabled, preventing known threats, and identifying and preventing unknown threats through security technologies like XDR.”

For more information, read the original story in TechRepublic.