Largest ransomware demand now stands at $30 million as crooks get bolder

There's been a big rise in ransom payments over the past year - and some ransomware gangs are demanding vast amounts.
Written by Danny Palmer, Senior Writer

Ransomware shows no sign of slowing down as the average ransom paid to cyber criminals by organisations that fall victim to these attacks has nearly tripled over the past year.

Cybersecurity researchers at Palo Alto Networks analysed ransomware attacks targeting organisations across North America and Europe and found that the average ransom paid in exchange for a decryption key to unlock encrypted networks rose from $115,123 in 2019 to $312,493 in 2020.

That represents a 171% year-over-year increase, allowing cyber criminals to make more money than ever before from ransomware attacks.

SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic) 

Ransomware remains an effective tool for cyber criminals, because many organisations remain poorly equipped to deal with the threat, leading many victims to give in to extortion demands and pay a Bitcoin ransom in the hope they'll get the decryption key required to restore their network.

This has been helped along by the rise of additional extortion tactics, such as when cyber criminals encrypt and steal data, threatening the victim with publishing the stolen information if the ransom isn't paid. In some cases, this leads to organisations that could restore the network without paying the ransom giving into the blackmail and paying up anyway.

The continued success of attacks has led to some ransomware gangs becoming extremely bold with demands – and it's paying off. Before 2020, the highest ransom demand paid to cyber criminals stood at $5 million, but during the past year, that has doubled, with data in the report suggesting that one victim paid a ransom of $10 million to cyber criminals following a ransomware attack.

The highest attempted ransom demand during 2020 stood at $30 million – double the previous highest attempted demand of $15 million in previous years.

And given the continued success of ransomware attacks – and the emergence of successful new variants of ransomware and easy-to-use ransomware-as-a-service schemes – it's unlikely that cyber criminals will slow down any time soon.

"Ransomware is one of the top threats in cybersecurity," said John Davis, vice president of public sector at Palo Alto Networks.

"Organizations around the world are being held hostage by ransomware, and many are being forced to pay cybercriminals because they're not equipped to combat the threat for varying reasons, from a lack of recoverable backups to the cost of downtime outweighing the cost of paying the ransom," he added.

Ransomware groups including Ryuk, Egregor, DoppelPaymer and many others continue to plague organisations around the world in 2021, but with the right cybersecurity strategy, it's possible to defend against attacks.

Phishing emails remain a common means of cyber criminals infiltrating networks, so researchers recommend that employees should receive training to identify threats.

SEE: What is cyber insurance? Everything you need to know about what it covers and how it works

It's also recommended that remote desktop services should be secured with strong passwords and multi-factor authentication to protect against brute force attacks, while security patches should be applied to stop attackers taking advantage of known vulnerabilities.

Organisations should also regularly store backups of the network – and do somewhere offline – so if the worst happens and hackers do issue a ransom demand, the network can be restored without lining cyber criminals' pockets.


Editorial standards