IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Double extortion ransomware pushes average payments close to $1 million

As the average payment approaches the landmark figure, experts reflect on times when the going rate was just $500

The average ransomware payment has risen 71% this year and is close to reaching $1 million, experts have said. 

In ransomware cases that have been assisted by incident responders at cyber security company Unit 42 of Palo Alto Networks, the average ransom paid was $925,162 in the first five months of 2022.

This represents a steep and “startling” rise from figures of previous years when average ransom payments were $541,009 and $303,756 in 2021 and 2020 respectively, said Ryan Olson, vice president of threat intelligence at Unit 42 in a blog post.

As recently as 2016, the company’s incident responders were seeing payments of just $500, and the rise of double extortion models has placed added pressure on organisations to pay ransom demands. 

Graph showing the average ransom demand and ransom payment in 2020 and 2021

Unit 42

Double extortion ransomware has become a popular operational model in recent years as companies are increasingly vigilant to ransomware attacks and are keeping better backups to avoid having to pay ransom demands.

The model sees attackers infecting a corporate network with ransomware, locking users out of machines as usual, but exfiltrates sensitive data before the infection chain begins, threatening to leak the data if the ransom isn’t paid. 

This places additional pressure on companies to maintain their reputation with customers and from a regulatory perspective for companies bound by stringent data protection laws like GDPR.

“Details of about seven new victims on average are posted each day on the dark web leak sites that ransomware gangs use to coerce victims into paying ransoms,” said Olson. “The rate of double extortion we’ve observed translates into one new victim every three to four hours.

“The cyber extortion crisis continues because cybercriminals have been relentless in their introduction of increasingly sophisticated attack tools, extortion techniques and marketing campaigns that have fueled this unprecedented, global digital crime spree,” he added. “Their ransomware-as-a-service (RaaS) business model has at the same time lowered the technical bar for entry by making these powerful tools accessible to wannabe cyber extortionists with easy-to-use interfaces and online support.”

Unit 42 has observed two instances of multi-million-dollar ransoms being paid this year, driven by the success of the Quantum Locker and LockBit 2.0 ransomware operations.

Related Resource

The Total Economic Impact™ of Mimecast

Cost savings and business benefits enabled by using Mimecast with Microsoft 365

Total economic impact of Mimecast - whitepaper from MimecastFree download

Companies that could be put out of business if they don’t pay the ransom will continue to be targeted, the researcher said, and it’s in these cases where the huge ransom demands will again be issued.

Olson cited Costa Rica as an example of how devastating ransomware can still be in 2022, five years on from WannaCry and six years after the average ransom demand was in the region of $500 - a pittance in today’s threat landscape.

The country has declared a state of emergency after it sustained an attack from the Conti ransomware and has since had a second ransomware gang targeting the country, this time focusing on its health service.

According to a separate report from Digital Shadows, the first quarter of 2022 saw a 25% decrease in ransomware activity compared to the previous quarter.

The company said the decrease in activity could be a result of a less prominent threat of the larger, more organised ransomware groups that have shuttered in recent months, such as REvil and BlackMatter.

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Recommended

Ransomware now strikes one in 40 organisations per week, Check Point finds
ransomware

Ransomware now strikes one in 40 organisations per week, Check Point finds

27 Jul 2022
Darktrace AI’s Antigena helps stop ransomware attack at Dordogne GHT
ransomware

Darktrace AI’s Antigena helps stop ransomware attack at Dordogne GHT

13 Apr 2022
Sabbath hackers are targeting US schools and hospitals
ransomware

Sabbath hackers are targeting US schools and hospitals

29 Nov 2021
US government warns of increased risk of ransomware over holiday season
ransomware

US government warns of increased risk of ransomware over holiday season

24 Nov 2021

Most Popular

Cyber attack on software supplier causes "major outage" across the NHS
cyber attacks

Cyber attack on software supplier causes "major outage" across the NHS

8 Aug 2022
Why convenience is the biggest threat to your security
Sponsored

Why convenience is the biggest threat to your security

8 Aug 2022
Electrical explosion reported at Google's Iowa data centre
data centres

Electrical explosion reported at Google's Iowa data centre

9 Aug 2022