Large and highly organized cybercrime groups like Conti are helping to drive up the overall cost of ransomware attacks, according to the latest annual analysis of the cybercrime method by Palo Alto Networks’ Unit 42.
“The average ransom demand in cases worked by Unit 42 incident responders rose 144% in 2021 to $2.2 million, while the average payment climbed 78% to $541,010,” according to the company, which released its latest Ransomware Threat Report on Thursday.
Ransomware attackers were also more likely than ever to post information from data breaches on dark web “leak sites” as a tactic to prod victims to pay up, the report says. “The number of victims whose data was posted on leak sites rose 85% in 2021, to 2,566 organizations,” the company says.
About 1 in 5 ransomware cases worked by Unit 42 involved Conti, the Eastern European gang that has earned international media coverage in recent weeks after a leak of thousands of its own documents. In examining the leak, cybersecurity researchers have noted Conti’s professionalism and structure.
“Conti also posted the names of 511 organizations on its Dark Web leak site, the most of any group,” the report says.
Also prominent were attacks by REvil, also known as Sodinokibi, a group raided by Russian law enforcement before that country’s invasion of Ukraine. About 7 percent of ransomware incidents handled by Unit 42 were traced to that group. U.S. senators released a report Thursday that critiqued the FBI’s response to several REvil-linked cases.
Another sign of ransomware’s popularity: The company says it spotted 35 new ransomware gangs in 2021 alone.
Overall, based on what Unit 42 saw in its incident response cases, the most affected industries were professional and legal services, construction, wholesale and retail, health care and manufacturing.