Average Ransomware Payment Significantly Increases Risk

Average Ransomware Payment Rises The average ransomware payout has increased by 178% over the past year, according to researchers at Atlas VPN. In Q4 2019, the payments averaged $84,000. By Q3 2020, the average payment had risen to $234,000. These numbers have steadily increased each quarter.

“From Q4 2019 to Q1 2020, the average payment demand rose by over $27 thousand, from $84 thousand to $111 thousand, which is a 33% increase,” the researchers write. “In the second quarter, ransom payouts spiked drastically by almost $67 thousand, representing a 60% jump. Finally, the ransom demand payouts peaked in the third quarter of 2020, hitting almost $234 thousand, or a 31% jump compared to the previous quarter.”

The researchers attribute this trend to the increasing sensitivity of data encrypted and stolen by ransomware operators.

“Cybercriminals expect larger payouts when they target bigger companies, steal more data, or the information stolen is extremely sensitive,” Atlas VPN says. “For example, instead of stealing user email addresses, hackers now target financial details, personal information like social security numbers (SSNs), and police reports.”

Additionally, the number of recorded ransomware attacks nearly doubled in 2020, which the researchers say is primarily due to the increase in remote work brought on by the pandemic.

“There were 78.36 million ransomware attacks detected in Q3 of 2020, while in Q3 2019, the number stood at 40.95 million,” the researchers write. “This constitutes a 91% jump in ransomware attacks in one year. Adding up all the ransomware attacks in the first three quarters of 2020 amounts to 199.75 million, a 40% rise in attacks compared to 142.4 million in 2019.”

Atlas VPN offers the following advice for organizations to defend themselves against these attacks:

“Firstly, employees should follow well-known cybersecurity practices, such as using 2-Factor Authentication (2-FA) whenever possible, not clicking on suspicious links, and updating their software and OS. These steps might seem like basic practices, but surprisingly, many people do not follow them.
“Employers should set up employee training workshops where a security specialist shares security practices together with scenarios that could happen if these tips are not followed. Showcasing incidents that already happened in other companies could be of value to show employees how a single malicious link can cripple a company.”

Ransomware isn’t a trivial threat: it can be a business-killer, and it’s expected to rise in 2021. New-school security awareness training can give your organization a vital layer of defense by equipping your employees with the skills they need to thwart cyberattacks.

Atlas VPN has the story.

Free Ransomware Simulator Tool

Threat actors are constantly coming out with new strains to evade detection. Is your network effective in blocking all of them when employees fall for social engineering attacks?

KnowBe4’s "RanSim" gives you a quick look at the effectiveness of your existing network protection. RanSim will simulate 24 ransomware infection scenarios and 1 cryptomining infection scenario and show you if a workstation is vulnerable.

Here's how it works: