Ransomware is having a bit of a moment. Check Point revealed that ransomware attacks increased 102% globally in H1 2021 compared to the start of the previous year, with the number of corporate ransomware victims having doubled over that same period. Average ransom payments also grew 171% from $115,123 in 2019 to $312,493 a year later. But those weren’t the amounts originally demanded by attackers. Indeed, ransomware actors wanted an average of $847,344 from their victims in 2020. Some wanted as high as $30 million.

What’s Behind These Findings?

Gartner put it best when it stated the following: “The challenges of ransomware and other forms of malware are the ever-changing tactics and agendas of [malicious] hackers.”

Take the tactic of triple extortion as an example. Apparently, ransomware actors aren’t satisfied with doubly extorting their victims, once for a corresponding decryption key and the second time for the deletion of their stolen data. Why else would they decide to begin demanding payments from the customers, partners, and other third parties for their original victims?

Threatpost described one incident in which ransomware actors succeeded in infecting a Finnish psychotherapy clinic, for instance. The victim ultimately satisfied the attackers’ demands. Even so, that didn’t stop the ransomware actors from informing the clinic’s patients that they would publish their session notes unless they paid up.

The rise of double encryption also helps to explain ransomware’s growth. As noted by Wired, double encryption is a technique where attackers use more than one ransomware strain to affect a victim’s data. Sometimes, double-encryption may involve the use of what’s known as “side-by-side” encryption where the attackers split which systems and data they encrypt between two or more ransomware strains. Other times, it may involve “layered encryption” where the attackers deploy one ransomware strain and then (Read more...)