SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Wed, 30th Mar 2022

Ransomware payments hit new records in 2021 as cybercriminals increasingly turned to dark web leak sites, where they pressured victims to pay up by threatening to release sensitive data, according to research released by Unit 42 and Palo Alto Networks.

According to the 2022 Unit 42 Ransomware Threat Report, the average ransom demand in cases rose 144% in 2021 to US$2.2 million, while the average payment climbed 78% to US$541,010.

Palo Alto vice president and regional chief security officer Sean Duca says, “Ransomware groups are more active than ever, not just globally, but increasingly so right here in Australia. These attacks are no longer limited to specific sectors but hold industries such as critical infrastructure, healthcare, education, and energy hostage.

“As Australia becomes increasingly connected to the global community, not only will the number of attacks increase, but the level of extortion will accelerate significantly, and Australian organisations must remain vigilant and well equipped to deal with these security threats.”

The Conti ransomware group was responsible for the most activity, accounting for more than 1 in 5 cases worked by Unit 42 consultants in 2021. REvil, also known as Sodinokibi, was number two at 7.1%, followed by Hello Kitty and Phobos (4.8% each). Conti also posted the names of 511 organisations on its dark web leak site, the most of any group.

The report describes how the cyber extortion ecosystem grew in 2021, with the emergence of 35 new ransomware gangs. It documents how criminal enterprises invested windfall profits into creating tools that are easier to use in attacks that increasingly leverage zero-day vulnerabilities.

The number of victims whose data was posted on leak sites rose 85% in 2021 to 2,566 organisations, according to Unit 42's analysis. Of these leak site victims, 60% were in the Americas, followed by 31% in Europe, the Middle East and Africa, and 9% in the Asia-Pacific region.

The most affected vertical industries were professional and legal services, construction, wholesale and retail, healthcare, and manufacturing.

Australia ranked number one in Asia Pacific for most ransomware attacks, and number seven globally. Also for the region, 2021 saw a 642% increase in dark web leaks on the prior year, with 37% of all attacks on Australian organisations targeting the commercial and professional services sector. Overall, 38% of attacks targeted organisations in NSW, while ACT was the least targeted geography.

Unit 42 Threat Intelligence deputy director Jen Miller-Osborn concludes, “In 2021, ransomware attacks interfered with everyday activities that people all over the world take for granted, everything from buying groceries, purchasing fuel for our cars, to calling emergency services and obtaining medical care.”

Palo Alto Networks is a cybersecurity company that offers an integrated platform powered by the likes of artificial intelligence, analytics, automation and orchestration, as well as an ecosystem of partners.