As cybercriminals have become more aggressive, the average ransom payment in the first half of 2021 jumped to $570,000, up 82% from 2020, says Palo Alto Networks’ Unit 42.
Ransomware has evolved into one of the most destructive and damaging types of cyberattack, leading to huge financial losses for victimized organizations. And as cybercriminals have gotten bolder and greedier, their ransom demands have skyrocketed. A report released Monday by Palo Alto Networks’ threat intelligence team, Unit 42, looks at how and why ransomware payments have soared over the past year.
There’s typically a difference between ransom demands and actual payments. A cybercriminal or gang may start off by demanding an exorbitant sum of money from a victim but ultimately settle for less following negotiations and other factors.
Looking at the initial ransom demands handled by Unit 42 in the first half of 2021, the average was $5.3 million, a jump of 518% from the 2020 average of $847,000. The highest demand seen over the same period was $50 million, up from $30 million last year.
The average actual ransom payment reviewed by Unit 42 in the first half of this year reached a record $570,000, an increase of 82% from last year. This jump came on top of a 171% surge to $312,000 in 2020 compared with 2019.
The numbers have been even higher among some prominent ransomware cases that have recently hit the news.
Following an attack against IT enterprise firm Kaseya, ransomware group REvil said it wanted $70 million worth of bitcoin in exchange for a universal decryptor that would allow all affected companies to recover their files. The group quickly lowered its asking price to $50 million. Kaseya did ultimately obtain a decryption key but said that it came from a trusted source.
The largest confirmed payment so far this year was the $11 million that meat processing company JBS Foods shelled out after an attack by REvil. This beat the largest payment of $10 million seen by Unit 42 last year.
Why costs are rising
Why have ransom demands and payments gotten higher? One trigger cited by Unit 42 is the quadruple extortion tactic. Criminals now typically use as many as four different techniques to squeeze victims into paying the ransom.
- Encryption. In this stage, victimized organizations pay the attackers to decrypt the encrypted data from their compromised computer systems.
- Release of data. In this stage, the attackers vow to publicly release the sensitive data unless the ransom is paid. As such, the organization is forced to pay the ransom even if it has backups of the encrypted files.
- Denial of service attacks. In this scenario, the criminals launch denial of service attacks to shut down a victim’s public websites until the ransom is paid.
- Harassment. And in this stage, the attackers contact customers, business partners, employees and news media to alert them to the attack, thus embarrassing the victim.
Though ransomware gangs may not necessarily employ all four tactics in a single attack, they will certainly turn to more than one, such as encryption and the release of data or encryption and denial of service attacks. The objective is to put so much pressure on the victimized organization that it has little choice but to pay up.
Looking into its crystal ball, Unit 42 expects ransomware attacks to continue to gain momentum as criminals add other tactics to the mix.
In one example, ransomware gangs have started to encrypt hypervisor software, which runs multiple virtual machines on one server. This approach allows them to corrupt more than one system in a single attack, a method expected to gain more traction.
In another example, criminals are likely to stage more attacks against managed service providers and their customers, such as the one against Kaseya that affected more than 1,000 companies along Kaseya’s supply chain.
Though ransom demands and payments will continue to rise, some gangs will still focus on the lower end of the market, according to Unit 42. Here, the attackers specifically target smaller businesses that may lack the resources to invest in strong cybersecurity. Such criminal groups as NetWalker, SunCrypt and Lockbit have snagged ransom payments from $10,000 to $50,000. That may sound minuscule compared with the money raked in by REvil, but such amounts can easily impact a small company.
With payment demands surging higher and cybercriminals becoming more aggressive, how can organizations better protect themselves against ransomware attacks?
“Keeping your organization safe from falling victim to a ransomware attack requires a fundamental shift away from detection and remediation toward preparation and prevention,” John Martineau, principal advisor for Unit 42, told TechRepublic. “This means reducing the attack surface, such as closing the remote desktop protocol (RDP) to the internet and instead using a virtual private network (VPN) with multi-factor authentication (MFA) enabled, stopping known threats, and identifying and stopping unknown threats through security technologies like XDR.”
Detection of threats is essential, according to Martineau. But it won’t prevent a ransomware attack, especially one in which your data is at risk of being leaked publicly. Organizations should be able to identify and block every step of an attack from delivery to hard-to-detect lateral movement. This strategy requires detailed contingency plans and exercises so that everyone knows what to do in case your data is compromised.
But if a ransomware attack does hit your organization, what steps should you take?
“If you’re the victim of a ransomware attack, don’t panic,” Martineau said. “Task delegation and teamwork are vital in the first 12 to 24 hours and beyond post-attack. Keep a checklist and the person responsible for the assigned task. Check if you have viable backups. If you do, restore from your latest backup after preserving the data in the case where an investigation of the incident is warranted. Finally, contact your cyber insurance representative if applicable.”