By Ramarcus Baylor, JeremyBrown and John Martineau
Crucial cyberattacks caused a major hike in ransoms pay. As cybercriminals used increasingly aggressive techniques to compel firms into paying greater ransoms, the average ransomware payment surged 82 percent from 2020 to a record $570,000 in the first half of 2021. The rise comes after the average payment increased by 171% to more than $312,000 last year. These statistics, produced by the Unit 42 security consulting firm, confirm what many of us already know: the ransomware situation worsens as criminal companies increase their investment in highly profitable ransomware operations.
Following the news had already alerted us that things were deteriorating, and many of us had personal experience with the situation. Ransomware assaults have shut down schools, pushed up meat costs, caused gasoline shortages, delayed court cases, prevented some of us from getting our cars inspected, and forced certain hospitals to turn away patients.
One concerning tendency noted by Unit 42 experts as they dealt with dozens of ransomware incidents in the first half of 2021 is the rise of “quadruple extortion.” Ransomware criminals currently employ as many as four methods to compel victims to pay the ransom:
While it’s rare for a single company to be hit by all four techniques, we’ve seen ransomware groups resort to new tactics this year when victims don’t pay up after data theft and encryption. Double extortion was identified as an emerging practice in the Unit 42 Ransomware Threat Report for 2021, which covered 2020 trends – and the newest data suggest attackers are again doubling the number of extortion strategies they utilize. Ransomware criminals have become more greedy as they’ve adopted these new extortion methods. The average ransom demand was $5.3 million among the hundreds of instances analyzed by Unit 42 consultants in the first half of 2021. This is up to 518 percent from the average for 2020.
Our consultants saw the most considerable ransom demand for a single victim rise to $50 million in the first half of 2021, up from $30 million the previous year. REvil also tried a different method lately by giving a universal decryption key for $70 million to all organizations affected by the Kaseya VSA attack. However, it swiftly cut the price to $50 million. Kaseya was able to secure a universal decryption key in the end, but it’s unknown what money, if any, was made.
JBS SA disclosed $11 million after a massive attack in June, the largest verified payout so far this year. The most significant payment we saw last year was $10 million.
We expect the ransomware issue to intensify in the coming months as cybercriminals improve their strategies for pressuring victims into paying ransoms and explore new ways to make attacks more disruptive. Ransomware gangs, for example, have started encrypting a form of software called a hypervisor, which may infect several virtual instances running on a single server. In the following months, we anticipate seeing more attacks on hypervisors and other managed infrastructure software. In the aftermath of the attack on managed service providers and their customers, we expect to see increased targeting of managed service providers and their consumers. Kaseya is a remote management application used to spread ransomware to managed service provider clients (MSPs).
While we believe that ransomware will continue to rise in popularity, we also think that some gangs will continue to target small firms that lack the financial resources to invest extensively in cybersecurity. We’ve seen groups like NetWalker, SunCrypt, and Lock bit demand and accept contributions ranging from $10,000 to $50,000 so far this year. While these payments may appear insignificant compared to enormous ransoms we’ve seen, they can be crippling to a small business.
