Average Ransomware Ransoms Jump 130% While Use of Data Exfiltration Grows

Stu Sjouwerman | Feb 8, 2022

Average Ransomware RansomsWith pressures by law enforcement on ransomware gangs in 2021, and more stringent security requirements by cyber insurers, cybercriminals are changing their tactics to ensure a payoff.

The overarching story arc for ransomware is evolution. From the use of multiple forms of extortion, to the constantly growing “as-a-service” model, ransomware has managed to thrive. According to new data in Coveware’s just-released Q4 2021 Quarterly Ransomware Report, ransomware is getting worse:

  • Ransoms are up 130% from Q3 2021, now averaging $322K
  • Median ransom numbers are also up 63%, at $117K
  • Data Exfiltration is now a part of 84% of all ransomware attacks

And these attacks don’t just stop with encrypting systems; according to coveware, there are many more threat actions (tied to MITRE ATT&CK TTPs) that take place, including:

  • Persistence, in 82% of attacks
  • Lateral Movement, also in 82% of attacks
  • Credential Access, in 71% of attacks
  • Command & Control, in 63% of attacks
  • Collection, in 61% of attacks

Email Phishing now ties with RDP Access as the number one initial attack vector for ransomware attacks, making it imperative that you have a defense in depth strategy to fend off malicious content within emails. This should include Security Awareness Training to employ the user as part of the defense, helping to spot threatening content before it has an ability to enable a ransomware attack.

Topics: Ransomware

Test Your Network’s Defenses with our Free Ransomware Simulator

When employees bypass guidance and fall for social engineering, your network security is the last line of defense. Run our 100% harmless RanSim tool on Windows 10+ workstations to safely simulate 25 ransomware and cryptomining infection scenarios, pinpoint technical vulnerabilities, and get your results in minutes.

Launch Your Free Ransomware Simulation

Secure the Digital Workforce: Human + AI

KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.