Palo Alto Networks Specialists Spoke about the Most Common Cyberthreats for Organizations in 2022

Palo Alto Networks Specialists
Written by Emma Davis

According to Palo Alto Networks’ annual report, the average ransom demand in ransomware attacks for the first half of 2022 was $30 million, with a maximum payout of about 25% of that amount, indicating that hackers are willing to bargain with their victims.

Although the financial, legal and manufacturing sectors were the main victims, negotiations in these areas were not easy.

Palo Alto Networks estimates that the average ransom demand for the financial industry in 2021 was nearly $8 million. However, the average payment was only about $154,000, less than 2% of the original demand. In addition, the average ransom demand in healthcare in 2021 was over $1.4 million and the payment amount was $1.2 million (about 90%).

Let me remind you that we also wrote that Palo Alto Networks Warns of Massive Web Skimmer Attacks.

Palo Alto Networks also mentioned a double extortion technique in which the attacker not only encrypts an organization’s files, but also threatens to reveal sensitive information to customers or launch additional attacks if the ransom is not paid.

Palo Alto Networks threat analysts note that the use of ransomware without encryption will increase in the near future. This is partly due to the widespread use of the RaaS (Ransomware-as-a-Service) model, which even inexperienced cybercriminals can use. Cyberattacks against cloud services using the RaaS model could also increase, as attackers in this environment focus on discovering insecure credentials rather than demonstrating advanced technical skills.

Another simple and economical way to gain covert access to a system is a phishing attack. With the help of phishing and social engineering, the cybercriminal remains undetected and simply gets the victim to hand over their credentials.

Business email compromise (BEC) is another such method: it allows a fraudster to gain access without complex technical hacking methods. According to experts, the average amount of funds stolen in BEC attacks was $286,000.

It is worth noting that a cybercriminal can use information about an organization’s cyber insurance during negotiations and calculate the ransom demand based on the payout the victim is presumed to receive from the insurance company.

There is also a threat to the company from its own employees. According to a Palo Alto Networks report, 3 out of 4 insider threats involve a disgruntled ex-employee who destroyed company data or gained access to networks after leaving.

While insider threats are not common in attacks seen by experts, they can be significant because the attacker knows exactly where to look for sensitive data. The authors of the report recommended that organizations carefully review and evaluate their data in order to implement a system to protect against ransomware attacks.


About the author

Emma Davis

I'm a writer and content manager (a short time ago I completed a bachelor's degree in Marketing from Gustavus Adolphus College). For now, I have a deep drive to study cyber security.
