Ransomware payments broke records last year and dark web leaks climbed as more cybercriminals threatened to release sensitive data to pressure victims to pay up, a recent Palo Alto Networks Unit 42 report found.
Unit 42 gathered the data from the ransomware cases they handled, leak sites, and general underground forums on the dark web to generate the Ransomware Threat Report.
Among the cases worked by Unit 42 consultants, the average ransomware payment rose 78% year over year to $541,010 in 2021, while average demand went up 144% to $2.2 million, the report found.
“Cybercriminals are doubling down by finding additional ways to extort victims in conjunction with ransomware,” Ryan Olson, VP of threat intelligence at Unit 42 by Palo Alto Networks, wrote in the report.
Last year, ransomware groups took tactics such as double extortion to a new level, “popularizing multi-extortion techniques designed to heighten the cost and immediacy of the threat,” he added. And the team also saw ransomware-as-a-service (RaaS) operators grow.
With multi-extortion techniques, attackers not only encrypt victims’ files but also name and share in the leak sites and threaten additional attacks, trying to force victims to pay the ransom. The report showed that the number of organizations whose data was posted on leak sites increased 85% last year to 2,566.
Among those victims, 60% of them were based in the Americas, 31% were from Europe, the Middle East, and Africa, and 9% were in the Asia-Pacific region.
Most Active Ransomware Gangs in 2021Unit 42 team also identified the top ransomware gangs last year. The Conti ransomware group was responsible for more than 20% of the cases that the team consulted in 2021. The group’s average ransom demand was around $1.78 million with a $3 million top initial payment request.
Plus, Conti posted 511 victims’ names on its dark web leak site — more than any other group, the team found.
The second most active group Unit 42 observed was REvil (also known as Sodinokibi), followed by Hello Kitty and Phobos.
The multi-extortion techniques and RaaS also drove the ecosystem to grow. Unit 42 found at least 35 new ransomware gangs emerged in 2021, such as Hive, Black Matter, and Grief.
“As these ransomware gangs and RaaS operators find new ways to remove technical barriers and up the ante, ransomware will continue to challenge organizations of all sizes in 2022,” Olson concluded.