Average Ransomware Payment Hits $570,000 in H1 2021
A new report finds ransomware gangs now bundle extortion methods to make victims pay up after an attack.
The average ransomware payment is up 82% in the first half of 2021, coming in at a record $570,000, according to a new report from Palo Alto Networks' Unit 42. It's a big jump from last year's average payment of more than $312,000, an increase of 171% from the year prior.
The findings note an increasing use of "quadruple extortion" by criminals. Researchers say ransomware operators commonly use as many as four techniques to pressure victims into paying. Among these are encryption, in which victims pay to regain access to scrambled data and compromised systems, and data theft, in which attackers release sensitive information if ransom isn't paid.
The third technique is denial of service (DoS), in which ransomware gangs launch DoS attacks to shut down a victim's public websites. The fourth is harassment, in which attackers contact a victim's customers, business partners, employees, and media to tell them an organization was hacked.
"While it's rare for one organization to be the victim of all four techniques, this year we have increasingly seen ransomware gangs engage in additional approaches when victims don't pay up after encryption and data theft," researchers say in a summary of the findings.
Unit 42 consultants said among the cases they reviewed in the first half of 2021, the average ransom demand was $5.3 million. This marks an increase of 518% from the 2020 average of $847,000.
The highest ransom demand of a single victim seen by Unit 42 consultants was $50 million in the first half of 2021, up from $30 million last year. The largest confirmed payment so far in 2021 is the $11 million that meat processor JBS SA disclosed after they were hit by an attack in June.
The full report can be found here.
About the Author(s)
You May Also Like
Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024Why Effective Asset Management is Critical to Enterprise Cybersecurity
May 21, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024