Skip to main content

Ransomware payments hit a new all-time high last year

Ransomware
(Image credit: Shutterstock)
Audio player loading…

As ransomware (opens in new tab) attacks hit more businesses than ever before in 2021, so too did the number of businesses that paid cybercriminals to unlock their data.

According to a new report (opens in new tab) from Palo Alto Networks' Unit 42 (opens in new tab), ransomware payments reached a new high last year driven by the fact that cybercriminals began using Dark Web “leak sites” to put additional pressure on victims to pay up.

Based on cases worked by incident responders from Unit 42 last year, the average ransom demand rose by 144 percent to reach $2.2m while the average payment climbed by 78 percent to $540k.

The industries hit hardest by ransomware attacks last year include professional and legal services, construction, wholesale and retail, healthcare and manufacturing.

Cyber extortion

Of the ransomware groups in operation last year, Conti (opens in new tab) was responsible for the most activity and it accounted for more than one in five of the cases worked by Unit 42's consultants.

REvil (opens in new tab) or Sodinokibi (which has since been shut down Russia's FSB (opens in new tab)) took the second spot at 7.1 percent followed by Hello Kitty (opens in new tab) and Phobos (opens in new tab) at 4.8 percent each. In addition to being responsible for the most attacks, the Conti ransomware group posted the names of 511 organizations on its Dark Web leak site which was more than any other group.

Palo Alto Network's report also goes into more details on how the cyber extortion ecosystem grew last year with the emergence of 35 new ransomware gangs. At the same time, ransomware groups invested their profits into the creation of easy-to-use tools and increasingly leveraged zero-day vulnerabilities.

Leak sites (opens in new tab) played a big role in getting organizations to pay ransom demands and the number of victims whose data was posted on such sites rose by 85 percent last year to reach 2,566 organizations. When it came to the location of leak site victims, 60 percent were in the Americas, 31 percent were in Europe, the Middle East and Africa and nine percent were in the Asia-Pacific region.

While ransomware groups continue to plague organizations around the world, law enforcement authorities and even tech giants like Microsoft (opens in new tab) have stepped up to try and disrupt their operations.

Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.