Cybercriminals appear to be more aggressive with their idealistic ransom demands as some gangs continue to evolve, using new “quadruple extortion” tactics to ensure payment.
In security vendor Palo Alto Networks’ recent Unit 42 Ransomware Threat Report, 1H 2021 Update, we get a taste of some data points that spell future trouble for organizations hit with ransomware. According to the Update:
- Last year’s average demand was $847,000. Today it’s $5.3 Million
- The highest demand seen by Unit 42 consultants was $50 Million
- Not only is the ransom demand up, but the average ransomware payments have climbed 82% since 2020 to a record $570,000 in the first half of 2021
- The largest disclosed ransom payment was $11 Million by meat producer JBS
To make matters worse, in addition to threatening to contact customers, business partners, employees and media as the third form of extortion, Unit 42 is now seeing a fourth mode: a Denial of Service (DoS) attack against the victim’s websites, which makes this quadruple extortion.
The ransomware gangs are getting laser-focused on how to turn up the pressure on victim organizations. And it’s evident that if you choose to take your chances, it’s likely going to cost you a lot to pay your way out.
The less expensive and more effective alternative is to minimize the human attack surface found in phishing attacks through the use of Security Awareness Training to educate users on how to avoid becoming a victim of phishing, spear phishing, and social engineering attacks. Users who are taught to spot suspicious and/or malicious content can eliminate any interaction that would enable a threat actor to continue their attack.