Average ransomware payment now $570,000, says Palo Alto Networks

11 Aug 2021

Image: © martialred/Stock.adobe.com

Attackers are increasingly adopting up to four simultaneous approaches to pressure people to pay promptly.

The average ransomware payment increased by 82pc to $570,000 in the first half of 2021, according to a report by Palo Alto Networks.

The cybersecurity company said that this increase comes after the average payment grew 171pc last year to $312,000.

Palo Alto’s security consulting team, Unit 42, also found that the average demand from attackers during this period was $5.3m, a 518pc increase from the 2020 average. The largest single confirmed payment so far in 2021 was the $11m paid by meat processing giant JBS in June, though the largest demand seen by the Palo Alto team was $50m.

A particular trend identified in the report was the rise of ‘quadruple extortion’. This four-pronged attack approach goes beyond just the standard ransomware technique of encrypting important data and demanding payment to unlock it.

Attackers can also publicly leak sensitive information to increase pressure on victims to pay; launch simultaneous denial-of-service attacks against the organisation’s websites; and attempt to publicly embarrass the target by telling media outlets, business partners and customers that the organisation has suffered an attack.

Unit 42 said it’s rare for one organisation to be the victim of all four techniques, but that attackers increasingly do adopt additional approaches when a target doesn’t immediately pay up.

The report predicted that the prevalence of malware will continue to gain momentum over the coming months, with new attack techniques and new types of malware being deployed. An example of the latter is a type of software known as ‘hypervisor’, which can corrupt multiple virtual machines running on a single server, and which has begun to be used in attacks more frequently lately.

Unit 42 also said it expects the average size of ransom demands to keep rising, though it believes many attackers will continue to target small and medium-sized businesses with poor cybersecurity for pay-outs of between $10,000 and $50,000.

The head of Palo Alto Networks in Ireland, Paul Donegan, said that like many countries, Ireland is being targeted by ransomware incidents.

The experience of the HSE illustrates how disruptive an attack can be,” he added. “Our latest research indicates that gangs like Conti are raising the stakes on their demands and the pay-outs that they can extract. Quadruple extortion tactics highlight how preventing ransomware attacks is a priority that Irish businesses and public institutions must embrace.

“One of the most effective ways to protect cyber assets and infrastructure is adopting a zero-trust architecture. By operationalising a ‘trust nothing and verify everything’ principle you can defend against attacks and limit the attacker’s ability to move through the network and alerting on their activities as they attempt to do so.”

A recent IBM report also found that the average costs associated with data breaches have reached a “record high” of $4.2m per incident. In June, the CEO of the HSE said the impact of the ransomware attack it suffered was “well over €100m”.

Jack Kennedy is a freelance journalist based in Dublin

editorial@siliconrepublic.com