Booming business: average ransom payment almost doubles


Extortion gangs continue to wreak havoc with an ever-expanding ecosystem and ballooning ransom demands.

Threat actors behind ransomware aren’t going anywhere. Digital extortion is booming with successful attacks netting hundreds of thousands of dollars.

According to a recent Ransomware Threat Report by Unit 24, ransom demands and payments continue their steep climb. Last year, the average ransom demand went up by 144% to a whopping $2.2 million.

The report also shows that with higher demands come chunkier payments. On average, victims paid $541 thousand in 2021, up from $303 thousand in 2020.

To force victims into succumbing to their demands, ransomware gangs often employ multi-extortion tactics. Among the most popular ways to apply pressure are distributed denial-of-service (DDoS) attacks and shaming.

The report shows that the names and proof of compromise for 2,566 victims were publicly posted on ransomware leak sites last year, marking an 85% increase compared to 2020.

The increased level of publicity about ransomware in the last couple of years did not deter new threat actors from joining the game. According to the report, at least 56 active Ransomware-as-a-Service (RaaS) groups operated last year.

Worryingly, the report's authors claim that every single RaaS group has lowered entry barriers for new affiliates, which means that the potential pool of criminals is constantly expanding.

With an increasing number of threat actors, the number of potential victims will also grow. The most likely targets in the near future are cloud providers, which have so far been somewhat spared from the onslaught of extortion attacks.

“Given the amount of valuable data in the cloud, it is only a matter of time before we see ransomware groups target cloud environments,” reads the report.

Recent attempts to compromise developers working with major cloud providers might be a signal of what’s coming.

Earlier today, security researchers at JFrog identified a large-scale supply chain attack explicitly aimed at Azure developers.

JFrog researchers noted automated alerts on a set of packages in the NPM registry. Manual inspection revealed a massive increase in infected packages.