Average ransomware demands surged by 518% in the first half of 2021 compared to 2020, while payments climbed by 82% in the same period, according to new figures released by the Unit 42 security consulting group.
The researchers revealed that the average demand from ransomware gangs in H1 2021 was $50m, representing a massive increase from $847,000 in 2020. They noted that the highest demand made of a single victim so far in 2021 was $50m, which compares to $30m last year.
In addition, the average ransomware payment this year was a record $570,000, which compares to $312,000 last year. The team also noted that the average payment in 2020 was 171% higher than in 2019, further highlighting how lucrative this tactic has become during the past 18 months.
According to the researchers, the main factor in these increases was the use of new extortion approaches, meaning ransomware gangs are getting “greedier.” This included the rise of “quadruple extortion,” in which four extortion methods are used against a single victim:
- Encryption: making organizations pay to regain access to locked data and systems
- Data theft: threatening to release sensitive data if a ransom is not paid
- Denial of service (DoS): shutting down a victim’s public website
- Harassment: contacting customers, business partners, employees and media to tell them the organization has been compromised
The Unit 42 team also stated that they expect the ransomware crisis to worsen over the coming months and have observed threat actors “develop new approaches for making attacks more disruptive.” This includes encrypting hypervisors, which can corrupt every virtual machine running on a single physical server in one stroke.
They also predict that managed service providers will be increasingly targeted in the wake of the recent high-profile Kaseya attack.
The researchers added: “While we predict that ransoms will continue their upward trajectory, we do expect to see some gangs continue to focus on the low end of the market, regularly targeting small businesses that lack resources to invest heavily in cybersecurity. So far this year, we have observed groups, including NetWalker, SunCrypt and Lockbit, demanding and taking in payments ranging from $10,000 to $50,000. While they may seem small compared to the largest ransoms we observed, payments that size can have a debilitating impact on a small organization.”
The findings have followed numerous instances of large ransomware payments in recent months. In May, it was reported that insurance giant CNA Financial paid its extorters $40m after its IT systems were locked down and data were stolen, while meat processing firm JBS confirmed it paid the REvil ransomware gang $11m in June.