Average Ransomware Payment Hits $570,000 in H1 2021
A new report finds ransomware gangs now bundle extortion methods to make victims pay up after an attack.
The average ransomware payment is up 82% in the first half of 2021, coming in at a record $570,000, according to a new report from Palo Alto Networks' Unit 42. It's a big jump from last year's average payment of more than $312,000, an increase of 171% from the year prior.
The findings note an increasing use of "quadruple extortion" by criminals. Researchers say ransomware operators commonly use as many as four techniques to pressure victims into paying. Among these are encryption, in which victims pay to regain access to scrambled data and compromised systems, and data theft, in which attackers release sensitive information if ransom isn't paid.
The third technique is denial of service (DoS), in which ransomware gangs launch DoS attacks to shut down a victim's public websites. The fourth is harassment, in which attackers contact a victim's customers, business partners, employees, and media to tell them an organization was hacked.
"While it's rare for one organization to be the victim of all four techniques, this year we have increasingly seen ransomware gangs engage in additional approaches when victims don't pay up after encryption and data theft," researchers say in a summary of the findings.
Unit 42 consultants said among the cases they reviewed in the first half of 2021, the average ransom demand was $5.3 million. This marks an increase of 518% from the 2020 average of $847,000.
The highest ransom demand of a single victim seen by Unit 42 consultants was $50 million in the first half of 2021, up from $30 million last year. The largest confirmed payment so far in 2021 is the $11 million that meat processor JBS SA disclosed after they were hit by an attack in June.
The full report can be found here.
About the Author
You May Also Like
DevSecOps/AWS
Oct 17, 2024Social Engineering: New Tricks, New Threats, New Defenses
Oct 23, 202410 Emerging Vulnerabilities Every Enterprise Should Know
Oct 30, 2024Simplify Data Security with Automation
Oct 31, 2024Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024