Ransomware: Blackmail, payments and even gangs are on the rise

A new report from Palo Alto Networks highlights the latest developments in the phenomenon. In 2021, the average value of the requested ransoms was $2.2 million.

Published on 30 March 2022 by Redazione

How far can the illicit profits of cybercriminals who launch ransomware attacks grow? It is difficult to answer, but the escalation has continued for years and today it certainly shows no sign of slowing down. According to the latest report by Palo Alto Networks, ransom demands reached a new record in 2021: the average figure was 2.2 million dollars, up 144% from 2020 levels. In addition, the average value of payments increased 78% to $541,000. As you can see, the ratio between the amount demanded and what victims actually decide to pay is approximately four to one. But it is natural to wonder whether these calculations miss many ransoms that were paid and never declared. In any case, the trend is clearly upward. The publication of samples or entire databases on data leak sites is also growing, up 85% in 2021 compared to 2020. This is a sign of how primary blackmail, which leverages data encryption (and therefore the blocking of operations), is increasingly accompanied by other objectives: information theft or secondary extortion. The number of victims whose data was published on leak sites grew by 85% year on year, for a total of 2,566 organizations in 2021.

Last year, the sectors most affected by this type of threat were professional and legal services, construction, wholesale and retail trade, healthcare and manufacturing. "In 2021, ransomware attacks impacted the daily activities of people around the world, from shopping for groceries and fuel to calling emergency health numbers," said Jen Miller-Osborn, deputy director of Unit 42 Threat Intelligence at Palo Alto Networks. Among the criminal gangs behind ransomware attacks, a protagonist of 2021 was the Conti group, in which people of Russian and Ukrainian nationality operate or operated (curiously united, at least until before the war, by a common cybercriminal activity). This collective is responsible for a 15.1% share of the total ransomware activity detected last year. In second place was the group behind REvil (7.1% of the total), also known as Sodinokibi, followed by Hello Kitty (4.8%), Phobos (4.8%) and SunCrypt (4.8%). Another phenomenon noted in the Palo Alto Networks report is also interesting: the emergence of 35 new ransomware gangs. The landscape of "bad guys" is also widening because cybercriminal groups have invested their high profits in creating new attack tools that are easier to use and that increasingly exploit zero-day vulnerabilities.