Palo Alto Networks (PANW) released new research from threat researchers Unit 42 showing ransomware payments booming last year as cybercriminals relied on Dark Web “leak sites” to pressure victims to pay up by threatening to release sensitive data. 

The average ransom demand in cases worked by Unit 42 incident responders rose 144% in 2021 to $2.2 million, while the average payment climbed 78% to $541,010. The most affected industries were Professional and Legal Services, Construction, Wholesale and Retail, Healthcare, and Manufacturing. 

Further in the research, the Conti ransomware group was a responsible threat actor in the Asia Pacific, accounting for over 1 in 5 cases in 2021. REvil, also known as Sodinokibi, is second, followed by Hello Kitty and Phobos. 

2022 Unit 42 Ransomware Threat report
(source: Palo Alto)

Generally, the report details how the cyber extortion ecosystem grew in 2021, with the emergence of 35 new ransomware gangs. In addition, it documents how criminal enterprises invested windfall profits into creating easy-to-use tools in attacks that increasingly leverage zero-day vulnerabilities. 

The number of victims whose data was posted on leak sites rose 85% in 2021 to 2,566 organizations. Moreover, 60% of leak site victims were in the Americas, followed by 31% for Europe, the Middle East, Africa, and 9% in Asia-Pacific. 

To read the whole “2022 Unit 42 Ransomware Threat” report, review or download it here. You can also read the report summary on the Unit 42 blog


Please enter your comment!
Please enter your name here