Friday, August 27, 2021 at 12:59 AM
Takeaways on ransomware for the second quarter of 2021
Even though it has only been three months since we released our previous Ransomware Takeaways, a lot has occurred in that time.
Assaults on high-profile targets dominated headlines last quarter, but the bulk of attacks were carried out by people we seldom hear about, with repercussions that were frequently much more severe than increased gas prices.
The results of a recent study of 130 hospitals and healthcare organizations revealed that almost half of them claimed that they were forced to disconnect their networks in the first half of 2021 as a result of ransomware attacks.
If you have any responsibility for the IT infrastructure and/or data of your company, you almost certainly keep up with the latest ransomware headlines. Nonetheless, since the dynamics are always shifting, you may find it helpful to keep an eye on the big picture changes as they unfold in order to better inform your decision-making. Here are five short, timely, and easily shareable insights from our monitoring throughout the second quarter of 2021.
1. Demands for ransom have reached new highs.
In an assault on Kaseya that impacted 1,500 companies who utilize the company's software solutions, the REvil ransomware syndicate began negotiating for $70 million after a ransom demand was made. Earlier this year, REvil filed two separate $50 million lawsuits against computer maker Acer and Apple supplier Quanta, both of which were settled out of court.
According to Coalition, a cybersecurity and cyber insurance company, although the greatest demands reach stratospheric heights, the average needs are also rising at a rapid pace. Cyber Insurance Claims Report for H1 2021 stated that the average ransom demand made against their customers rose to $1. 2 million per claim in the first half of 2021, from $450,000 in the first half of 2020, as reported by the company.
2. Ransom payments seemed to be in a state of flux.
In their 2021 Ransomware Threat Report, cybersecurity company Palo Alto Networks reported an 82 percent rise in average ransom payments in the first half of 2021, reaching a new high of $570,000 for the first time. Despite this, the cybersecurity company Coveware, which monitors payments weekly, revealed a lower figure: in the second quarter of 2021, they estimated average payments at $136,576 after reaching a high of $233,817 in the fourth quarter of the previous year. Because monitoring payments is a difficult science to master—companies are not obliged to record events, much alone ransom demands or money received—different sources reveal different patterns. Companies that monitor individual payments, as a result, are restricted in their scope by the constituencies they serve and the data they may collect.
A blockchain data platform that monitors payments to blockchain addresses associated with ransomware attacks, Chainalysis, used a different method and discovered that the total amount paid by ransomware victims rose by 311 percent in 2020, reaching over $350 million in bitcoin. They released an update in May 2021 after discovering additional addresses that increased the total to more over $406 million dollars. They anticipate the number to continue to rise in the coming years.
We will continue to monitor information from across the industry and adjust for variations in future reporting, but the evidence does point to one conclusion: ransomware will continue to spread as long as it is lucrative.