According to a recent report, even this staggering amount was overshadowed in H1 2021.

After breaking records for demanding up to US$30 million in ransom last year, cybercriminals studied by Palo Alto Networks’ Unit 42 Cybersecurity Group have become bolder and greedier this year, asking for up to US$50 million.

In its recently released ransomware threat report, Palo Alto Networks noted that cybercriminals are targeting organizations with large revenue streams, disrupting their business continuity so that they cannot operate without paying the ransom.

“Some businesses may falsely think they won’t be targets of cybercriminals because they have nothing of value to them, such as sensitive customer data,” said Sean Duca, regional chief security officer for Palo Alto Networks.

“The surge in ransomware cases shows that such beliefs are misguided. No organization or industry is safe. We are seeing cybercriminals target organizations with large revenue streams, by disrupting their business continuity so they are not able to operate, and holding them ransom. Organizations from all industries must view these recent attacks as a wake-up call. If they are not preparing for similar situations within their own business, then they are putting the business at risk.”

Some important ransomware observations discerned in the report include:

  1. Pandemic-themed bait: While the healthcare sector was a top target throughout 2020, many industries struggled with a more fragile financial outlook as well as the added challenges of remote-working employees, budget cutbacks and pandemic anxiety leading to enhanced cyber-vulnerability.
  2. Easy accessibility to Ransomware-as-a-Service: This attracted more entrants to the cybercriminal scene.
  3. Rise of double-extortion tactics: Several ransomware families (NetWalker, RagnarLocker, DoppelPaymer, etc.) exfiltrated data first and used double-extortion techniques to coerce victim organizations to pay up.
  4. Shifts in tactics: Ransomware players moved from high-volume ‘spray-and-pray’ techniques to a slower and more deliberate ‘stay-and-play’ approach, in which hackers take their time to analyze the infiltrated network before attacking, and became more versatile and sophisticated.

To glean its findings, Unit 42 researchers analyzed ransomware leak site data available on the Dark Web and public websites, global threat data available via internal and external sources, and breach response data provided by the firm’s response team for the US, Canada, and Europe.