Average ransomware payment demands soars as criminals grow more confident

Image Credit: Shutterstock (Image credit: Shutterstock)

New research has identified the recent rise in ransomware demands as a reflection of the rising confidence by criminal gangs in their abilities, in the data they steal, and in the disruptive potential of their encryptors.

A report from Comparitech found the average extortion demand per ransomware attack was more than $5 million in the first half of 2024. 

To come to this figure, Comparitech analyzed 56 known ransom demands that were made between January and June 2024, the biggest of which for $100 million, asked from India’s Regional Cancer Center (RCC) in April 2024, followed by the attack on Synovis (UK pathology services provider) with $50 million, and London Drugs - $25 million.

LockBit (still) making headlines

In total, there were 421 confirmed ransomware attacks in the first half of the year, in which more than 35 million data records were stolen. Compared to the same period last year, there were fewer attacks, with not that big of an impact. For H1 2023, there were 704 recorded incidents impacting more than 155 million data records.

However, the figure is likely to be a lot bigger, since various ransomware gangs claimed responsibility for another 1920 attacks that were not confirmed by their respective victims. 

Businesses in the private sector were the biggest targets (240 attacks, almost 30 million records), followed by government (74 attacks, 52,000 records) and healthcare (63 attacks, 5.4 million records). 

Ironically enough, of all the different ransomware operators, LockBit was the most active one, with at least 48 confirmed attacks. For those unfamiliar with LockBit’s story, the group was severely disrupted by law enforcement in February, when Operation Cronos saw the seizure of thousands of servers, decryption keys, stolen data, and two data leak sites. 

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.