Average Ransom Payment Up 71%


The average ransomware payment in cases worked by Unit 42 incident responders rose to US$925,162 (AU$1,288,867) during the first five months of 2022, approaching the unprecedented US$1 million mark as they rose 71% from last year. That’s before additional costs are incurred by victims including remediation expenses, downtime, reputational harm, and other damages.

The findings, released by Palo Alto Networks’ threat intelligence arm Unit 42, reveal a staggering trajectory. The average payment in cases worked by the unit’s consultants in 2020 was US$300,000 (AU$417,938), and the majority of transactions seen by incident responders were US$500 (AU$697) or less in 2016.

Details of about seven new victims on average are posted each day on the dark web leak sites that ransomware gangs use to coerce victims into paying ransoms. Called “double extortion,” the technique increases pressure on victims by adding a layer of public humiliation to the difficulty of losing access to files – identifying victims and sharing purported snippets of sensitive data stolen from their networks. The rate of double extortion translates into one new victim every three to four hours, according to Unit 42’s ongoing analysis of leak site data globally.

The cyber extortion crisis continues because cybercriminals have been relentless in their introduction of increasingly sophisticated attack tools, extortion techniques, and marketing campaigns that have fueled this unprecedented, global digital crime spree. Their ransomware-as-a-service (RaaS) business model has at the same time lowered the technical bar for entry by making these powerful tools accessible to wannabe cyber extortionists with easy-to-use interfaces and online support.

This year’s growth in payments was pushed up by two multi-million-dollar ransoms – one to a rising group, Quantum Locker, and one to LockBit 2.0, which has been the most active ransomware gang on double-extortion leak sites so far this year.

“The average ransomware payment has soared to more than $1.2m this year, which is triple the amount we saw in 2020 and thousands of times more than what was paid in 2016. This highlights just how critical robust cyber security policies and protections are to businesses in this day and age,” said Sean Duca, vice president, and chief security officer for Asia Pacific & Japan. “Cyber criminals know where the money is. As Australia becomes increasingly linked to the global economy and our lives move further online, business leaders and governments must be vigilant in protecting their critical IP and infrastructure, as this growth trajectory is likely to continue.”