Ransomware payments hit new records in 2021 as Dark Web leaks climbed by Palo Alto Networks
- Average ransom demand rose 144% to $2.2 million.
- Average payment rose 78% percent to $541,010
- Thailand ranks 6th in the JAPAC region in the number of ransomware attacks
- Posts on name-and-shame Dark Web leak sites climbed 85%
Ransomware payments hit new records in 2021 as cybercriminals increasingly turned to Dark Web “leak sites” where they pressured victims to pay up by threatening to release sensitive data, according to research released today from Unit 42 by Palo Alto Networks (NASDAQ: PANW), the global cybersecurity leader.
The average ransom demand in cases worked by Unit 42 incident responders rose 144% in 2021 to $2.2 million, while the average payment climbed 78% to $541,010, according to The 2022 Unit 42 Ransomware Threat Report. The most affected industries were Professional and Legal Services, Construction, Wholesale and Retail, Healthcare, and Manufacturing.
“In 2021, ransomware attacks interfered with everyday activities that people all over the world take for granted – everything from buying groceries, purchasing gasoline for our cars to calling 911 in the event of an emergency and obtaining medical care,” said Jen Miller-Osborn, deputy director, Unit 42 Threat Intelligence.
The Conti ransomware group was responsible for the most activity globally, accounting for more than 1 in 5 of cases worked by Unit 42 consultants in 2021. REvil, also known as Sodinokibi, was No. 2 at 7.1%, followed by Hello Kitty and Phobos (4.8% each). Lockbit 2.0 was responsible for the highest number of attacks in Thailand, causing 9 out of the 13 ransomware attacks in Thailand.
The number of victims whose data was posted on leak sites rose 85% in 2021, to 2,566 organizations, according to Unit 42’s analysis. 60% of leak site victims were in the Americas, followed by 31% for Europe, the Middle East and Africa, and then 9% in the Asia-Pacific region. Bangkok has the highest number of attacks compared to other states in Thailand, mostly within the commercial & professional services sector followed by software & services and automobiles & components.
Detailed commentary, analysis and breakdowns on activity by region, industry and ransomware groups are available in the 2022 Unit 42 Ransomware Threat Report, which can be downloaded on the Palo Alto Networks Website. A summary of the report is available on the Unit 42 blog.