SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Ransomware payments hit new records as Dark Web leaks climb
Wed, 13th Apr 2022

Ransomware payments hit new records in 2021 as cybercriminals increasingly turned to Dark Web leak sites where they pressured victims to pay up by threatening to release sensitive data, according to research from Unit 42 by Palo Alto Networks.

The average ransom demand in cases worked by the Palo Alto Networks Unit 42 security consultants rose 144% in 2021 to $2.2 million, while the average payment climbed 78% to $541,010, the report found.

"In 2021, ransomware attacks interfered with everyday activities that people all over the world take for granted - everything from buying groceries, purchasing gasoline for our cars to calling 911 in the event of an emergency and obtaining medical care," says Jen Miller-Osborn, deputy director, Unit 42 Threat Intelligence.

Globally, the Conti ransomware group was responsible for the most activity, accounting for more than 1 in 5 of cases worked by Unit 42 consultants in 2021. REvil, also known as Sodinokibi, was No. 2 at 7.1%, followed by Hello Kitty and Phobos (4.8% each). Conti also posted the names of 511 organisations on its Dark Web leak site, the most of any group. In Asia Pacific, Lockbit2.0 (28%) and Conti (11%) were the most active ransomware groups.

Hong Kong ranks #10 in Asia Pacific for the number of ransomware attacks, with hospitals and professional organisations being targeted by threat actors. Each attack poses threats to private data and the operation of critical citizen services.

The report describes how the cyber extortion ecosystem grew in 2021, with the emergence of 35 new ransomware gangs. It documents how criminal enterprises invested windfall profits into creating tools that are easier to use in attacks that increasingly leverage zero-day vulnerabilities.

The number of victims whose data was posted on leak sites rose 85% in 2021 to 2,566 organisations, according to Unit 42's analysis. 60% of leak site victims were in the Americas, followed by 31% for Europe, the Middle East and Africa, and then 9% in the Asia-Pacific region. The most affected industries were Professional and Legal Services, Construction, Wholesale and Retail, Healthcare, and Manufacturing.

Palo Alto Networks is a global cybersecurity specialist, helping to shape a cloud-centric future with technology that is transforming the way people and organisations operate.

"Our mission is to be the cybersecurity partner of choice, protecting our digital way of life. We help address the world's greatest security challenges with continuous innovation that seizes the latest breakthroughs in artificial intelligence, analytics, automation, and orchestration," the company says.

"By delivering an integrated platform and empowering a growing ecosystem of partners, we are at the forefront of protecting tens of thousands of organisations across clouds, networks, and mobile devices," it says.

"Our vision is a world where each day is safer and more secure than the one before."