Palo Alto: average ransom paid by organizations in 2020 was $312,493

Another phenomenon that increased over the past year was "double extortion" – breaching an organization, stealing or encrypting its data, and demanding ransom, while at the same time threatening to sell the data  

The average ransom paid by organizations to cyberattackers last year was three times bigger than the average paid in 2019, according to a report by Unit 42, the research unit of Palo Alto Networks. The average jumped 171%, from $115,123 in 2019 to $312,493 last year.

The research also found that attackers, seeing that ransom brings them considerable profits, are becoming even greedier. The highest ransom payment doubled last year, from $5 million in 2019 to $10 million. The highest ransom demanded by attackers also doubled, from $15 million in 2019 to $30 million last year.

“Attackers are increasingly recognizing how much money that they can make, and there’s relatively little barriers to entry,” said Jen Miller-Osborn, deputy director of threat intelligence at Palo Alto Networks. “You can get rich by never leaving your house, if this is the kind of thing you feel comfortable doing. Criminals are recognizing that this is a really easy way to potentially make a lot of money, so they’re targeting more organizations and evolving their tactics, and right now ransomware doesn’t really have a lot of negative consequences,” she explained.

There is no question that attackers exploited the year of COVID-19 to step up their efforts to make easy profits amid the global crisis and the social distancing that forced organizations to move very quickly, and not always thoroughly, to a remote work model. The attackers also knew how to exploit the fact that organizations found themselves in an emergency that did not always allow them to fully maintain security procedures.

For example, last year there was a considerable increase in phishing attempts based on misleading information about COVID-19, such as the sale of medicine, masks, sterilization and protection equipment, and more. The researchers found that almost 2,000 malicious domains with words connected to the pandemic were established every day. In terms of ransom demands as well, healthcare was the most attacked industry in 2020.

Another phenomenon the researchers identified as on the rise during the last year was "double extortion", a type of attack that includes breaching an organization, stealing or encrypting data, and then demanding ransom, while threatening to sell the data on the dark net or to publish it on a public forum.

In addition, the researchers estimated that ransomware attacks are becoming more sophisticated, and that ransomware is no longer a tool available only to skilled attackers: criminals who lack the knowledge required to carry out complex attacks can acquire it as a service, or in other words, ransomware as a service. This model enables groups of skilled attackers, on the dark net, to offer ransomware for carrying out attacks, and to receive a percentage of the ransom paid to the person who carries out the attack.

The researchers also analyzed, from a geographic standpoint, the cases when the demanded ransom was not paid, leading to the exposure of the data that was stolen or encrypted. Among those cases, 62% were in North and South America, 29% were in Europe, Africa and the Middle East, and 9% were in Asia and the Pacific area. 

The countries with the highest number of ransom demands were the US (47%), Canada (12%), and Germany (8%). In Israel, according to the data of Palo Alto Networks, five organizations discovered that the data stolen from them in attacks was posted on the dark net and was available for use by unauthorized individuals.