Ransomware Payments Hit Record Highs in 2021
In 2021, ransomware payments hit new records as cybercriminals leveraged Dark Web “leak sites” by threatening to release sensitive information if victims didn’t pay up. According to Palo Alto Networks, the average payment last year was $541,010 — up 78% from 2020. This was fueled in part by the spread of ransomware-as-a-service (RaaS) business models that reduce barriers to entry for cyber extortionists. The biggest targets included healthcare, professional and legal services, wholesale and retail, construction, and manufacturing. Organizations in these industries are considered “critical infrastructure” by threat actors.
Ransomware attacks show no signs of slowing down in 2022 and beyond. Ransomware tactics and techniques continue to evolve, and last year we saw the emergence of 35 new ransomware gangs. The Conti ransomware group was responsible for the most activity, accounting for 20% of cases analyzed in the 2022 Unit 42 Ransomware Threat Report by Palo Alto Networks. Ransomware attacks have grown more frequent in recent decades, in part due to the rise of cryptocurrencies. The Senate Committee on Homeland Security and Governmental Affairs cited estimates by a cybersecurity company that there were 623 million such attacks worldwide in 2021.
U.S. companies alone were the number one target of ransomware hackers, facing 421 million attempted breaches — an increase of 98% compared with 2020. The most common tactics used were phishing scams, remote desktop protocol exploitation, and entry through software weaknesses. After the start of the Covid-19 pandemic, the widespread shift to remote work and schooling “expanded the remote attack surface and left network defenders struggling to keep pace with routine software patching,” says the FBI.
The Rise of Quadruple Extortion
Last year, ransomware groups took tactics such as double extortion to a new level, deploying “multi-extortion techniques” designed to heighten the cost and immediacy of the threat. Quadruple extortion is one disturbing trend identified by Unit 42 consultants, in which ransomware operators reach out to a victim’s customers and stakeholders directly, adding more pressure. The four most common techniques for pressuring victims into paying include:
- Encryption: Victims pay to regain access to scrambled data and compromised computer systems that stop working because critical files are encrypted.
- Data Theft: Hackers expose sensitive information if a ransom is not paid.
- Denial of Service (DoS): Ransomware groups launch denial-of-service attacks that shut down a victim’s public websites.
- Harassment: Cybercriminals contact customers, business partners, employees, and media to tell them the organization was hacked.
While it’s rare for one organization to be the victim of all four techniques, ransomware operators have been engaging in additional approaches when victims don’t pay up after data encryption and theft. In 2021, cybercriminals released the names and proof of compromise for approximately 2,500 victims — up 85% from the previous year. RaaS sponsors sell startup kits and support services to emerging threat actors, which makes launching ransomware attacks almost as easy as using an online auction site.
The Ransomware Trajectory
The ransomware crisis will continue to gain momentum over the coming months, as cybercrime gangs refine their tactics and find new ways to inflict greater damage on victims. Long-term effects go far beyond the actual cost of the ransom to include a wide range of ancillary costs, such as lost productivity, reputational damage, remediation, and more. So far this year, Palo Alto Networks has observed groups including NetWalker, SunCrypt, and LockBit taking in payments ranging from $10,000 to $50,000. Small businesses that lack proper resources are encouraged to invest heavily in cyber security sooner rather than later.
Defend Against Ransomware in 2022 With Mindcore
At Mindcore, our cyber security specialists in New Jersey and Florida have years of experience defending companies against online threats. We will work closely with you to build a strategy based on your unique needs and goals, using penetration testing, vulnerability assessments, and more. Contact us today with any questions about our cyber security services or to schedule a consultation with a member of our team.