Ransomware ransom payments rise by 71 percent

The average ransom payment is rapidly approaching 1 million dollars as the ransomware crisis continues to inflict damage worldwide on organizations of every size and in every sector. This is shown in a new blog post by Ryan Olson, Vice President at Unit 42, the incident response and threat research team of Palo Alto Networks.

In cases that Unit 42 worked on during the first five months of this year, the average ransom payment was 925,162 dollars, an increase of 71 percent compared to last year.

"Those costs are staggering when you look at the growth trajectory," says Olson. "The average payment in cases worked on by our consultants in 2020 was about 300,000 dollars. It is hard to believe that the majority of the transactions our research team saw in 2016 were 500 dollars or less."

By Ryan Olson

As thousands of cybersecurity practitioners gather in San Francisco for the annual RSA Conference, we thought it would be a good time to take a quick look at ransomware activity that we’ve seen so far in 2022.

The numbers are startling: The average ransomware payment in cases worked by Unit 42 incident responders rose to $925,162 during the first five months of 2022, approaching the unprecedented $1 million mark as they rose 71% from last year. That’s before additional costs incurred by victims including remediation expenses, downtime, reputational harm and other damages.

Those costs are staggering when you consider the trajectory of their growth. The average ransom payment in cases worked by our consultants in 2020 was about $300,000. It’s hard to believe that the majority of transactions seen by our incident responders were $500 or less in 2016.

Details of about seven new victims on average are posted each day on the dark web leak sites that ransomware gangs use to coerce victims into paying ransoms. Called “double extortion,” the technique increases pressure on victims by adding a layer of public humiliation to the difficulty of losing access to files – identifying victims and sharing purported snippets of sensitive data stolen from their networks. The rate of double extortion we’ve observed translates into one new victim every three to four hours, according to Unit 42’s ongoing analysis of leak site data.

The cyber extortion crisis continues because cybercriminals have been relentless in their introduction of increasingly sophisticated attack tools, extortion techniques and marketing campaigns that have fueled this unprecedented, global digital crime spree. Their ransomware-as-a-service (RaaS) business model has at the same time lowered the technical bar for entry by making these powerful tools accessible to wannabe cyber extortionists with easy-to-use interfaces and online support.

The results can be devastating: Costa Rica’s government has suffered multiple ransomware attacks this year, including one in May that disrupted delivery of healthcare services. The 157-year-old Lincoln College shut down last month after a ransomware attack cut access to all university data, disrupting admissions for Fall 2022 – a cruel blow to an institution already seeking to recover from the pandemic.

This year’s growth in payments was pushed up by two multi-million-dollar ransoms – one to a rising group, Quantum Locker, and one to LockBit 2.0, which has been this year’s most active ransomware gang on double-extortion leak sites to date. Unfortunately, we have no reason to believe that extortion groups will stop seeking multi-million dollar payments – particularly in cases where organizations could be put out of business if they don’t pay up.