
Elite industry incident response advisors Palo Alto Networks 2021 Ransomware Threat Report: average ransom payment almost tripled

The Palo Alto Ransomware Threat Report is one of the industry’s most highly anticipated reports on today’s top cyber threats and adversaries.

The dark side of Ransomware-as-a-Service would make Rasputin proud, with ransomware so prevalent these days that a surge in demands during 2020/21 revealed that the average ransom payment to cyber criminals has almost tripled.

Palo Alto Networks’ report also reveals “a significant increase in the highest ransom paid to hackers ($6.4 million in 2019 to $12.9 million in 2020) and the highest ransom demanded from hackers has doubled ($19.3 million in 2019 to $38.6 million in 2020).”

What is ransomware?

Ransomware is a small piece of criminal software that hijacks your computer by encrypting your files, denying you access to them, and then demanding online payment for their release.

Ransomware is distributed by email, social network messages and infected websites. You may receive an email that looks like it comes from someone you know. The goal is to get you to open an attachment or click on a web link in the email, which then downloads malware to your computer.

Or you may receive a Facebook message that includes a graphics attachment. Once opened, the file redirects you to a website which prompts you to install a browser extension so that you can view a (fake) YouTube video. Installing this extension opens the door for a ransomware infection.

Unprotected websites and unsecured web servers are another attack vector. Cyber criminals look for websites with faulty code and insert ransomware distribution scripts into the web pages.

What is Ransomware-as-a-Service (RaaS)?

Ransomware-as-a-Service (RaaS) is a subscription-based model that enables affiliates to use already-developed ransomware tools to execute ransomware attacks. Affiliates earn a percentage of each successful ransom payment.

In the past, coding expertise was a requirement for all successful hackers. But now, with the introduction of the RaaS model, this technical prerequisite has been removed.

RaaS users don’t need to be skilled, or even experienced, to use the tool proficiently. RaaS solutions therefore empower even the most novice hackers to execute highly sophisticated cyberattacks.

RaaS solutions pay their affiliates very high dividends, with some affiliates earning up to 80% of each ransom payment.

The low technical barrier to entry and the prodigious affiliate earning potential mean RaaS solutions are specifically engineered for victim proliferation.

2021 Ransomware Threat Report

Palo Alto Networks’ Ransomware Threat Report states that all organisations are “in the crosshairs”, with ransomware operators taking advantage of the COVID-19 pandemic “to prey on organisations — particularly the healthcare sector”, which was the most targeted vertical for ransomware in 2020.

The report states “ransomware operators were brazen in their attacks in an attempt to make as much money as possible, knowing that healthcare organisations — which needed to continue operating to treat COVID-19 patients and help save lives — couldn’t afford to have their systems locked out and would be more likely to pay a ransom.”

The report also notes the rise of “double extortion”, now a common form of ransomware attack. A conventional attack “consists of the ransomware operator encrypting data and forcing the victim to pay a ransom to unlock it.”

In a case of double extortion, ransomware operators encrypt and steal data to further coerce a victim into paying a ransom. If the victim doesn’t pay the ransom, the ransomware operators then leak the data on a leak site or dark web domain, with the majority of leak sites hosted on the dark web.

These hosting locations are created and managed by the ransomware operators. At least 16 different ransomware variants are now threatening to expose data or utilise leak sites, and more variants will likely continue this trend.

Indeed, late last year, cyber protection powerhouse Acronis predicted 2021 would be the “year of extortion”, and sadly, that prediction, shared by other security advisors, is coming true.

The 2021 Ransomware Threat Report is a detailed, 18-page PDF document; you can download the full report here.

What to do if you become a victim of a ransomware attack?

If you have become the victim of a ransomware attack, you have very few options:

  • Restore your system from a backup.
  • Format the hard drive to wipe out all data and then re-install the operating system and applications. You lose all of your personal data and may face costly additional licensing fees to restore your old software environment.
  • Some ransomware gangs don’t deliver the promised decryption key. Others may be caught by authorities, or disappear before they can deliver on their end of the ransom bargain.

What is the best way to protect your computer from ransomware?

Backup (with a copy of backup data stored in the cloud) is the only sure way to recover your data after a ransomware attack without paying the ransom.

Run a full image backup. If your system is compromised, you’ll be able to restore the entire system at once, without going through files one by one.

Ransomware poses a real threat to every computer user and every device connected to the internet. Get educated, be vigilant, and spread the word to your colleagues, friends and family. Don’t be fooled, and protect your data with backup.

End the threat of ransomware attacks

Ransomware attacks are becoming more sophisticated and cybersecurity professionals are taking action. With the right tools, you can prevent, detect and respond quickly to ransomware attacks threatening your organisation.

Talk to one of our team today to learn more about our capabilities; how we’re bringing people, business and technology together; and what this means for you.