Ransomware payments hit record highs last year, while related data leaks and ransom demands also surged, according to Palo Alto Networks.
The security vendor compiled the stats from cases worked on by its Unit 42 security consulting business.
Its 2022 Unit 42 Ransomware Threat Report, published today, claimed the average ransomware payment rose 78% year-on-year in 2021 to reach a record $541,010. Average ransom demands soared by 144% to reach $2.2m.
The prolific Conti group was responsible for most of the cases Unit 42 worked on last year, roughly a fifth of the total, followed by REvil, Hello Kitty and Phobos.
Conti was also the biggest leaker of stolen data, posting the names of 511 organizations on its dark web site. This helped to drive posts on name-and-shame sites by 85% year-on-year in 2021, according to the report.
Conti has recently been a target in its own right after a Ukrainian researcher leaked a trove of internal messages from the group in retaliation for its support of the Russian government.
The leak revealed the professionalism and success of the group, which spent an estimated $6m on salaries, tools and services in 2021. It’s organized in a strict hierarchy with employees set to work in specific business units such as OSINT, QA and pen-testing.
Average salaries of $1800 are more than triple the average in Russia, ensuring a steady stream of applicants joins the criminal enterprise.
According to Palo Alto, 35 new ransomware groups emerged in 2021, although many are thought to be rebrands of previous entities. Soaring profits are being reinvested into improved attack tools and zero-day exploits, it claimed.
“In 2021, ransomware attacks interfered with everyday activities that people all over the world take for granted – everything from buying groceries, purchasing gasoline for our cars to calling 911 in the event of an emergency and obtaining medical care,” argued Jen Miller-Osborn, deputy director, Unit 42 Threat Intelligence.
According to the latest FBI data, over 600 critical infrastructure organizations were compromised by ransomware last year.