As ransomware attacks hit more businesses than ever before in 2021, so too did the number of businesses that paid cybercriminals to unlock their data.
According to a new report from Palo Alto Networks’ Unit 42, ransomware payments reached a new high last year driven by the fact that cybercriminals began using Dark Web “leak sites” to put additional pressure on victims to pay up.
Based on cases worked by incident responders from Unit 42 last year, the average ransom demand rose by 144 percent to reach $2.2m while the average payment climbed by 78 percent to $540k.
The industries hit hardest by ransomware attacks last year include professional and legal services, construction, wholesale and retail, healthcare and manufacturing.
Of the ransomware groups in operation last year, Conti was responsible for the most activity and it accounted for more than one in five of the cases worked by Unit 42’s consultants.
REvil or Sodinokibi (which has since been shut down Russia’s FSB) took the second spot at 7.1 percent followed by Hello Kitty and Phobos at 4.8 percent each. In addition to being responsible for the most attacks, the Conti ransomware group posted the names of 511 organizations on its Dark Web leak site which was more than any other group.
Palo Alto Network’s report also goes into more details on how the cyber extortion ecosystem grew last year with the emergence of 35 new ransomware gangs. At the same time, ransomware groups invested their profits into the creation of easy-to-use tools and increasingly leveraged zero-day vulnerabilities.
Leak sites played a big role in getting organizations to pay ransom demands and the number of victims whose data was posted on such sites rose by 85 percent last year to reach 2,566 organizations. When it came to the location of leak site victims, 60 percent were in the Americas, 31 percent were in Europe, the Middle East and Africa and nine percent were in the Asia-Pacific region.
While ransomware groups continue to plague organizations around the world, law enforcement authorities and even tech giants like Microsoft have stepped up to try and disrupt their operations.
After getting his start at ITProPortal while living in South Korea, Anthony now writes about cybersecurity, web hosting, cloud services, VPNs and software for TechRadar Pro. In addition to writing the news, he also edits and uploads reviews and features and tests numerous VPNs from his home in Houston, Texas. Recently, Anthony has taken a closer look at standing desks, office chairs and all sorts of other work from home essentials. When not working, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.