Hackers had used the ‘name-and-shame’ technique to pressure victim organizations to pay up.

One global cybersecurity services firm has reported record highs in ransomware payment incidents for 2021 among its user base.

In a report on ransomware threats, Palo Alto Networks’ Unit 42 security consultants noted that the average ransom demand in the cases they attended to had risen by 144% in 2021 to US$2.2m, while the average ransomware payment had climbed 78% to US$541,010.

The report describes the emergence of 35 new ransomware gangs and documents how criminal enterprises had reinvested windfall profits into creating tools that are easier to use in attacks that increasingly leverage zero-day vulnerabilities.

The Conti ransomware group was responsible for the most activity seen on the firm’s platform, accounting for more than one in five cases. REvil, also known as Sodinokibi, was in second place at 7.1%, followed by Hello Kitty and Phobos (4.8% each). Conti also posted the names of 511 organizations on its Dark Web leak site, the most of any threat group. Publishing the identities of compromised organizations on the Dark Web added pressure on victims to pay up.

Additionally, the number of corporate victims whose data was posted on leak sites rose by 85% in 2021 to 2,566 organizations. Within this user base of Palo Alto Networks’ Unit 42 services, 60% of leak site victims were in the Americas, followed by 31% in Europe, the Middle East and Africa, and 9% in the Asia Pacific region. The most affected industries were Professional and Legal Services; Construction; Wholesale and Retail; Healthcare; and Manufacturing.

Said Jen Miller-Osborn, Deputy Director, Unit 42 Threat Intelligence: “In 2021, ransomware attacks interfered with everyday activities that people all over the world take for granted—everything from buying groceries, purchasing gasoline for our cars, to calling 911 in the event of an emergency and obtaining medical care.”