As thousands of cybersecurity practitioners gather in San Francisco for the annual RSA Conference, we thought it would be a good time to take a quick look at ransomware activity that we\u2019ve seen so far in 2022.<\/p>\n
The numbers are startling: The average ransomware payment in cases worked by Unit 42 incident responders rose to $925,162 during the first five months of 2022, approaching the unprecedented $1 million mark as they rose 71% from last year<\/a>. That\u2019s before additional costs incurred by victims including remediation expenses, downtime, reputational harm and other damages.<\/p>\n Those costs are staggering when you consider the trajectory of their growth. The average ransom payment in cases worked by our consultants in 2020 was about $300,000. It\u2019s hard to believe that the majority of transactions seen by our incident responders were $500 or less in 2016.<\/p>\n Details of about seven new victims on average are posted each day on the dark web leak sites that ransomware gangs use to coerce victims into paying ransoms. Called \u201cdouble extortion,\u201d the technique increases pressure on victims by adding a layer of public humiliation to the difficulty of losing access to files \u2013 identifying victims and sharing purported snippets of sensitive data stolen from their networks. The rate of double extortion we\u2019ve observed translates into one new victim every three to four hours, according to Unit 42\u2019s ongoing analysis of leak site data.<\/p>\n The cyber extortion crisis continues because cybercriminals have been relentless in their introduction of increasingly sophisticated attack tools, extortion techniques and marketing campaigns that have fueled this unprecedented, global digital crime spree. Their ransomware-as-a-service (RaaS) business model has at the same time lowered the technical bar for entry by making these powerful tools accessible to wannabe cyber extortionists with easy-to-use interfaces and online support.<\/p>\n The results can be devastating: Costa Rica\u2019s government has suffered multiple ransomware attacks this year, including one in May that disrupted delivery of healthcare services<\/a>. The 157-year-old Lincoln College shut down last month<\/a> after a ransomware attack cut access to all university data, disrupting admissions for Fall 2022 \u2013 a cruel blow to an institution already seeking to recover from the pandemic.<\/p>\n This year\u2019s growth in payments was pushed up by two multi-million-dollar ransoms \u2013 one to a rising group, Quantum Locker, and one to LockBit 2.0, which has been this year\u2019s most active ransomware gang on double-extortion leak sites to date. Unfortunately, we have no reason to believe that extortion groups will stop seeking multi-million dollar payments \u2013 particularly in cases where organizations could be put out of business if they don\u2019t pay up.<\/p>\n