2021 Ransomware Threat Report

Foreword

Before joining Palo Alto Networks, I served 35 years in the US military, with the last 10 of those years devoted to cyber-related assignments. During my tenure, I was able to see firsthand how ransomware was a major threat to national security—and we’re still seeing it today.

Ransomware is one of the top threats in cybersecurity. According to the Identity Theft Resource Center, there were 878 cyberattacks in 2020, 18% of which were recorded as ransomware.1 This threat is a focus area for Palo Alto Networks. Our global threat intelligence team (Unit 42) and incident response team (The Crypsis Group) have partnered to create the 2021 Unit 42 Ransomware Threat Report to provide the latest insights on the top ransomware variants, ransomware payment trends, and security best practices so we can best understand and manage the threat.

Put simply: ransomware is a lucrative business. The average ransom paid by organizations in the US, Canada, and Europe increased from US$115,123 in 2019 to $312,493 in 2020—a 171% year-over-year increase. With new tactics like double extortion, this number will only continue to rise.

Organizations around the world are being held hostage by ransomware, and many are being forced to pay cybercriminals because they’re not equipped to combat the threat for varying reasons, from a lack of recoverable backups to the cost of downtime outweighing the cost of paying the ransom.

We need to significantly reduce this criminal enterprise, which is why I’m proud that Palo Alto Networks is a member of the Institute for Security and Technology’s Ransomware Task Force (RTF) , in which I serve as a co-chair.

The RTF is focused on developing a suite of recommendations for a comprehensive strategy to mitigate the ransomware threat. To develop a set of solutions that will attack all sides of the ransomware scourge, the RTF has recruited a large and diverse set of experts who are currently investigating a broad array of avenues for recommendations—acknowledging all of the good work that has already been done in this space.

This means exploring questions like:

• What can we do to better prepare organizations for a ransomware attack?
• How can organizations understand and best respond to a ransomware attack?
• What are the greatest barriers for ransomware security adoption?
• How can we make it more difficult for ransomware actors to carry out an attack?
• How can we make the outcome of a ransomware attack less destructive?
• How can we create solutions tailored to the many different victims of ransomware attacks?

As these discussions progress, the task force aims to provide clear and actionable recommendations for both public and private sector decision-makers internationally in spring 2021.

I believe resources like the 2021 Unit 42 Ransomware Threat Report will help us in this effort to learn everything we can about this threat, enabling us to work across the public and private sectors to collaboratively reduce the ransomware problem to something more manageable than the significant threat we face today.

John Davis
Retired US Army Major General
Vice President of Public Sector at Palo Alto Networks