Record Ransomware Demand Clocks at $30 Million in 2020
Ransomware is not going anywhere. It continues to dominate high-profile cyber criminal activity and the targets who become victims of ransomware attacks keep growing.
Security researchers working with Palo Alto Networks took a close look at ransomware attacks across the last two years and found that the average ransom payouts rose from around $115 thousand to over $310 thousand on a year over year basis. A increase of over 170% is nothing to joke about, especially when it comes to what is essentially cyber terrorism.
This trend encourages hopeful future cyber criminals to take up developing new and more devious strains of ransomware, which only compounds the problem.
A large part of the reason why ransomware is booming is how easy infecting relatively large entities and organizations turns out to be. Over the past few years we've seen a disturbing number of big institutions, government bodies, health and educational institutions, as well as big corporations fall victim to ransomware attacks. A lot of those attacks were accompanied by ludicrous ransom payouts.
There is an avalanche effect of sorts - as greater ransomware payments are effected, bad actors push the envelope and get increasingly bolder with their demands. Until 2020 the highest hackers dared to go was $5 million. However, 2020 saw ransom demands to the tune of $10 million.
The record-setting ransom demand was made in 2020 as well and stood at a whopping $30 million.
New and increasingly more advanced ransomware variants keep popping up, more or less on a monthly basis. There is no real end in sight when it comes to how far bad actors can push things when it comes to evasion and malicious capabilities.
Tragically, some smaller targets find it easier, cheaper and faster to pay the ransom than hire expensive expert services to clean and attempt to restore systems. This further compounds the problem.
The battle against ransomware, however, is not an unwinnable one. The most common infection vector still remains phishing e-mails and the threat associated with those can largely be eliminated through rigorous staff security training. Additionally, a competent security team can help a lot in securing a network against potential intrusion.
At the very least, a good cyber security protocol can minimize data loss significantly, even if a strain of ransomware does find its way on the network. Of course, backups cannot eliminate the downtime and losses associated with a successful attack, but are still a much better alternative to total data loss or paying exorbitant ransoms.
