UPDATED 06:00 EST / MARCH 17 2021

SECURITY

Report finds ransomware and ransom payments continued to surge in 2020

Not only did ransomware surge over 2020 but the average ransom payment also rose rapidly, according to a new report from Palo Alto Networks Inc.’s Unit 42 threat intelligence team and the Crypsis incident response team.

The Ransomware Threat Report 2021, based on global data from Unit 42 and Crypsis, found that adversaries took advantage of current events, in particular the COVID-19 pandemic, to lure victims into opening phishing emails, visiting fake websites or downloading malicious files as a vector to obtain access to install ransomware.

Perhaps not surprisingly, health organizations were in the crosshairs of ransomware operators, who were often brazen in their attacks in an attempt to make as much money as possible. They did so knowing that healthcare organizations needed to continue to treat COVID-19 patients to help save lives and couldn’t afford to have their systems locked out, and hence would be more likely to pay a ransom.

Sadly, ransomware operators were increasingly successful and at higher rates than in previous years. The average ransom paid out in the U.S., Canada and Europe increased from $115,213 in 2019 to $312,493, an increase of 171% year-over-year. The highest ransom paid by an organization also doubled to $10 million. Ransomware operators are also said to have become more greedy, with the highest ransomware payment demanded in 2020 also doubling to $30 million from 2015 to 2019.

One of the biggest trends in ransomware in 2020 was the rise of so-called “double-tap” attacks or what the report refers to as a double-extortion attack. That’s where a ransomware operator does not simply encrypt data then demand a ransom payment but also steals data and threatens to publish the stolen data if a ransom is not paid.

Netwalker was the most prolific form of ransomware using the method, with an estimated 113 victims between January 2020 and January 2021. Ragnar Locker sat in second place with 26 victims. Ragnar Locker victims include Italian drinks maker Davide Campari-Milano S.p.A. in November and French shipping giant CMA CGM S.A. in September, along with EDP Renewables North America LLC, Capcom Co. Ltd. and CWT Global B.V.

Although the rise of double-tap attacks was notable, a more traditional form of ransomware, Ryuk, remained the most common form of ransomware detected in 2020.

In the year ahead, the report notes, the ransomware-as-a-service model is likely to continue to rise along with the double-tap form of ransomware.

Image: Palo Alto Networks

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU