IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Double extortion ransomware pushes average payments close to $1 million

As the average payment approaches the landmark figure, experts reflect on times when the going rate was just $500

The average ransomware payment has risen 71% this year and is close to reaching $1 million, experts have said. 

In ransomware cases that have been assisted by incident responders at cyber security company Unit 42 of Palo Alto Networks, the average ransom paid was $925,162 in the first five months of 2022.

This represents a steep and “startling” rise from figures of previous years when average ransom payments were $541,009 and $303,756 in 2021 and 2020 respectively, said Ryan Olson, vice president of threat intelligence at Unit 42 in a blog post.

As recently as 2016, the company’s incident responders were seeing payments of just $500, and the rise of double extortion models has placed added pressure on organisations to pay ransom demands. 

Graph showing the average ransom demand and ransom payment in 2020 and 2021

Unit 42

Double extortion ransomware has become a popular operational model in recent years as companies are increasingly vigilant to ransomware attacks and are keeping better backups to avoid having to pay ransom demands.

The model sees attackers infecting a corporate network with ransomware, locking users out of machines as usual, but exfiltrates sensitive data before the infection chain begins, threatening to leak the data if the ransom isn’t paid. 

This places additional pressure on companies to maintain their reputation with customers and from a regulatory perspective for companies bound by stringent data protection laws like GDPR.

“Details of about seven new victims on average are posted each day on the dark web leak sites that ransomware gangs use to coerce victims into paying ransoms,” said Olson. “The rate of double extortion we’ve observed translates into one new victim every three to four hours.

“The cyber extortion crisis continues because cybercriminals have been relentless in their introduction of increasingly sophisticated attack tools, extortion techniques and marketing campaigns that have fueled this unprecedented, global digital crime spree,” he added. “Their ransomware-as-a-service (RaaS) business model has at the same time lowered the technical bar for entry by making these powerful tools accessible to wannabe cyber extortionists with easy-to-use interfaces and online support.”

Unit 42 has observed two instances of multi-million-dollar ransoms being paid this year, driven by the success of the Quantum Locker and LockBit 2.0 ransomware operations.

Related Resource

The Total Economic Impact™ of Mimecast

Cost savings and business benefits enabled by using Mimecast with Microsoft 365

Total economic impact of Mimecast - whitepaper from MimecastFree download

Companies that could be put out of business if they don’t pay the ransom will continue to be targeted, the researcher said, and it’s in these cases where the huge ransom demands will again be issued.

Olson cited Costa Rica as an example of how devastating ransomware can still be in 2022, five years on from WannaCry and six years after the average ransom demand was in the region of $500 - a pittance in today’s threat landscape.

The country has declared a state of emergency after it sustained an attack from the Conti ransomware and has since had a second ransomware gang targeting the country, this time focusing on its health service.

According to a separate report from Digital Shadows, the first quarter of 2022 saw a 25% decrease in ransomware activity compared to the previous quarter.

The company said the decrease in activity could be a result of a less prominent threat of the larger, more organised ransomware groups that have shuttered in recent months, such as REvil and BlackMatter.

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Recommended

Darktrace AI’s Antigena helps stop ransomware attack at Dordogne GHT
ransomware

Darktrace AI’s Antigena helps stop ransomware attack at Dordogne GHT

13 Apr 2022
Sabbath hackers are targeting US schools and hospitals
ransomware

Sabbath hackers are targeting US schools and hospitals

29 Nov 2021
Out-of-hours ransomware attacks have a greater impact on revenue
ransomware

Out-of-hours ransomware attacks have a greater impact on revenue

18 Nov 2021
US and Israel join forces to fight ransomware
ransomware

US and Israel join forces to fight ransomware

15 Nov 2021

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

7 Jun 2022
Attracting and retaining talent through training
Sponsored

Attracting and retaining talent through training

13 Jun 2022
The top programming languages you need to learn for 2022
Careers & training

The top programming languages you need to learn for 2022

23 Jun 2022