Ransomware demands and payments reach new highs

3 years ago 380

As cybercriminals person go much aggressive, the mean ransom outgo successful the archetypal fractional of 2021 jumped to $570,000, up 82% from 2020, says Palo Alto Networks' Unit 42.

Ransomware concept

Image: Rzt_Moster/Shutterstock

Ransomware has evolved into 1 of the astir destructive and damaging forms of cyberattack, resulting successful immense fiscal losses for victimized organizations. And arsenic cybercriminals person gotten bolder and greedier, their ransom demands person skyrocketed. A study released Monday by Palo Alto Networks' menace quality team, Unit 42, looks astatine however and wherefore ransomware prices person soared implicit the past year.

SEE: Ransomware attack: Why a tiny concern paid the $150,000 ransom (TechRepublic)

Ransomware prices

There's typically a quality betwixt ransom demands and existent payments. A cybercriminal oregon pack whitethorn commencement disconnected by demanding an exorbitant magnitude of wealth from a unfortunate but yet settee for little pursuing negotiations and different factors.

Looking astatine the archetypal ransom demands handled by Unit 42 successful the archetypal fractional of 2021, the mean was $5.3 million, a leap of 518% from the 2020 mean of $847,000. The highest request seen implicit the aforesaid play of clip was $50 million, up from $30 cardinal past year.

The mean existent ransom outgo reviewed by Unit 42 successful the archetypal fractional of this twelvemonth reached a grounds $570,000, an summation of 82% from past year. This leap came connected apical of a 171% surge to $312,000 successful 2020 compared with 2019.

The numbers person been adjacent higher among immoderate salient ransomware cases that person precocious deed the news.

Following an onslaught against IT endeavor steadfast Kaseya, ransomware radical REvil said it wanted $70 cardinal worthy of bitcoin successful speech for a cosmopolitan decryptor that would let each affected companies to retrieve their files. The radical rapidly lowered its asking terms to $50 million. Kaseya did yet obtain a decryption key but said that it came from a trusted source.

The largest confirmed outgo truthful acold this twelvemonth was the $11 cardinal that nutrient processing institution JBS Foods shelled retired aft an onslaught by REvil. This bushed the largest outgo of $10 cardinal seen by Unit 42 past year.

Why prices are rising

Why person ransom demands and payments gotten higher? One trigger cited by Unit 42 is the quadruple extortion tactic. Criminals present typically usage arsenic galore arsenic 4 antithetic techniques to compression victims into paying the ransom.

  1. Encryption. In this stage, victimized organizations wage the attackers to decrypt the encrypted information from their compromised machine systems.
  2. Release of data. In this stage, the attackers vow to publically merchandise the delicate information unless the ransom is paid. As such, the enactment is forced to wage the ransom adjacent if it has backups of the encrypted files.
  3. Denial of work attacks. In this scenario, the criminals motorboat denial of work attacks to unopen down a victim's nationalist websites until the ransom is paid.
  4. Harassment. And successful this stage, the attackers interaction customers, concern partners, employees and quality media to alert them to the attack, frankincense embarrassing the victim.

Though ransomware gangs whitethorn not needfully employment each 4 tactics successful 1 attack, they volition surely crook to much than one, specified arsenic encryption and the merchandise of information oregon encryption and denial of work attacks. The nonsubjective is to enactment arsenic overmuch unit connected the victimized enactment truthful that they person small prime but to wage up.

Looking into its crystal ball, Unit 42 expects ransomware attacks to proceed to summation momentum arsenic criminals adhd different tactics to the mix.

In 1 example, ransomware gangs person started to encrypt hypervisor software, which runs aggregate virtual machines connected 1 server. This attack allows them to corrupt much than 1 strategy successful a azygous attack, a method expected to summation much traction.

In different example, criminals are apt to signifier much attacks against managed work providers and their customers, specified arsenic the 1 against Kaseya that affected much than 1,000 companies on Kaseya's proviso chain.

Though ransom demands and payments volition proceed to rise, immoderate gangs volition inactive absorption connected the little extremity of the market, according to Unit 42. Here, the attackers specifically people smaller businesses that whitethorn deficiency the resources to put successful beardown cybersecurity. Such transgression groups arsenic NetWalker, SunCrypt and Lockbit person snagged ransom payments from $10,000 to $50,000. That whitethorn dependable minuscule compared with the wealth raked successful by REvil, but specified amounts tin easy interaction a tiny company.

Recommendations

With outgo demands surging higher and cybercriminals becoming much aggressive, however tin organizations amended support themselves against ransomware attacks?

"Keeping your enactment harmless from falling unfortunate to a ransomware onslaught requires a cardinal displacement distant from detection and remediation toward mentation and prevention," John Martineau, main advisor for Unit 42, told TechRepublic. "This means reducing the onslaught surface, specified arsenic closing the distant desktop protocol (RDP) to the net and alternatively utilizing a virtual backstage web (VPN) with multi-factor authentication (MFA) enabled, preventing known threats, and identifying and preventing chartless threats done information technologies similar XDR." 

Detection of threats is important, according to Martineau. But it won't forestall a ransomware attack, particularly 1 successful which your information is astatine hazard of being leaked publicly. Organizations should beryllium acceptable to place and artifact each measurement of an onslaught from transportation to hard-to-detect lateral movement. This strategy requires elaborate contingency plans and exercises truthful that everyone knows what to bash if your information is compromised.

But if a ransomware onslaught does deed your organization, what steps should you take?

"If you're the unfortunate of a ransomware attack, don't panic," Martineau said. "Task delegation and teamwork are captious successful the archetypal 12 to 24 hours and beyond post-attack. Keep a checklist and the idiosyncratic liable for the assigned task. Check if you person viable backups. If you do, reconstruct from your latest backup aft preserving the information successful the lawsuit wherever an probe of the incidental is warranted. Finally, interaction your cyber security typical if applicable."

Cybersecurity Insider Newsletter

Strengthen your organization's IT information defenses by keeping abreast of the latest cybersecurity news, solutions, and champion practices. Delivered Tuesdays and Thursdays

Sign up today

Also see

Read Entire Article