Palo Alto Networks Finds Ransomware Payments Hit New
Record - Dark Web Leaks Climb
April 4, 2022
payments hit new records in 2021 as cybercriminals increasingly turned to Dark
Web "leak sites" where they pressured victims to pay up by threatening to
release sensitive data, according to research released today from Unit 42 by
Palo Alto Networks.
The average ransom demand in cases worked by Unit 42 incident responders rose
144% in 2021 to $2.2 million, while the average payment climbed 78% to $541,010,
according to The 2022 Unit 42 Ransomware Threat Report. The most affected
industries were Professional and Legal Services, Construction, Wholesale and
Retail, Healthcare, and Manufacturing.
"In 2021, ransomware attacks interfered with everyday activities that people all
over the world take for granted – everything from buying groceries, purchasing
gasoline for our cars to calling 911 in the event of an emergency and obtaining
medical care," said
Jen Miller-Osborn, deputy director, Unit 42 Threat
Conti ransomware group was responsible for the most activity, accounting for
more than 1 in 5 of cases worked by Unit 42 consultants in 2021. REvil, also
known as Sodinokibi, was No. 2 at 7.1%, followed by Hello Kitty and Phobos (4.8%
each). Conti also posted the names of 511 organizations on its Dark Web leak
site, the most of any group.
The report describes how the cyber extortion ecosystem grew in 2021, with the
emergence of 35 new ransomware gangs. It documents how criminal enterprises
invested windfall profits into creating easy-to-use tools in attacks that
increasingly leverage zero-day vulnerabilities.
The number of victims whose data was posted on leak sites rose 85% in 2021, to
2,566 organizations, according to Unit 42's analysis. 60% of leak site victims
were in the Americas, followed by 31% for Europe, the Middle East and Africa,
and then 9% in the Asia-Pacific region.