The average ransomware payment increased 43 percent to $220,000 in 2021, according to an April 26 report by Coveware.
Twelve things you should know:
- The healthcare industry makes up 11.6 percent of industries targeted by ransomware attacks in 2021.
- The median ransom payment increased 59 percent from the fourth quarter of 2020 to the first quarter of 2021 to $78,398.
- The average ransom payment increased 43 percent from the fourth quarter of 2020 to the first quarter of 2021 to $220,298.
- Seventy-seven percent of ransomware attacks involved the threat to leak stolen data, a 10 percent increase from the fourth quarter of 2020.
- The most common types of ransomware are Sodinokibi, which controls 14.2 percent of the market share, followed by Conti V2 (10.2 percent) and Lockbit (7.5 percent).
- Netwalker used to be a top threat actor, but has ceased activities following a law enforcement takedown of infrastructure and the arrest of its cybergang.
- For Sodinokibi, Lockbit and BlackKingdom, flawed execution led to a total data loss for the cybercriminals in their extortion attempts.
- Conti and Lockbit have both been re-attacking prior victims with new extortion demands.
- Over hundreds of cases examined, Coveware has yet to encounter an example where paying a cybercriminal the ransom has helped the victim mitigate liability or avoid damaging the business or brand.
- Despite an increase in demands and higher prevalence of data theft, a growing number of victims are not paying ransoms.
- Victims should assume that data will not be destroyed, instead it will be traded to other cybercriminals, sold, misplaced or held for a future extortion attempt.
- Even when cyberterrorists delete data after receiving a payment, other parties may have copies to follow-up on a future ransomware attempt.