Unit 42 Ransomware Threat Report 2022

Ransomware attacks commanded headlines around the world in 2021, and show no signs of slowing down. In fact, cybercriminals are doubling down by finding additional ways to extort victims in conjunction with ransomware. Double extortion first took off in 2020 with the rise of dark web leak sites that cybercriminals used to identify ransomware victims and threaten to leak sensitive corporate data. In 2021, ransomware gangs took these tactics to a new level, popularizing multi-extortion techniques designed to heighten the cost and immediacy of the threat. For example, we’ve seen gangs make threatening phone calls to employees and customers and launch denial of service (DoS) attacks to shut down a victim’s website in an effort to incentivize payments.

In 2021, we also saw ransomware-as-a-service (RaaS) operators grow. RaaS operators offer a wide array of easy-to-use tools and services that make launching ransomware attacks almost as simple as using an online auction site. These operators have been making investments during these past few years to optimize their businesses – they have perfected their malware, developed marketing strategies to recruit more affiliates, and even built up technical support operations to help victims get back online once they pay their ransoms.

All these innovations have made it harder for organizations to defend against ransomware, forcing some to make the hefty sorts of payments that are documented in this report. The average ransom demand on cases worked by Unit 42 consultants last year climbed 144% to $2.2 million, while the average payment rose 78% percent to $541,010.

As these ransomware gangs and RaaS operators find new ways to remove technical barriers and up the ante, ransomware will continue to challenge organizations of all sizes in 2022. As a result, ransomware has become one of the top threats in cybersecurity and a focus area for Palo Alto Networks. This report provides the latest insights on established and emerging ransomware groups, payment trends, and security best practices. I hope these insights will help you better understand and manage the threat to your organization.

Ryan Olson
VP of Threat Intelligence,
Unit 42, Palo Alto Networks