Palo Alto Networks Sees Rise in Ransomware Payments

Palo Alto Networks this week disclosed that, in cases worked by its Unit 42 incident response team, the average ransomware payment rose to $925,162 during the first five months of 2022.

That average was pushed higher by two multi-million dollar payments, but it’s clear that it’s only a matter of time before the average ransomware payment exceeds $1 million.

Each day, on average, details about seven new ransomware attack victims are posted on dark web leak sites. Most of those instances involve double extortion. After negotiating an initial payment to return access to an organization’s data, ransomware gangs often threaten to expose that sensitive data unless an additional payment is made. Palo Alto Networks estimates there is one new double extortion victim every three to four hours.

Jen Miller-Osborn, deputy director of threat intelligence for Unit 42, said as the cost of ransomware continues to rise, more organizations will need to shore up their defenses by, for example, embracing zero-trust IT frameworks. If the attacks themselves can’t be completely prevented, then the focus should at least be on limiting the scope of the damage that can be inflicted by employing microsegmentation to better isolate silos of data, she said. That may wind up requiring additional resources, but given the current state of cybersecurity, some organizations may even be able to reduce the total cost of cybersecurity as they transition to more modern platforms, noted Miller-Osborn.

Unfortunately, it’s simply too easy for individuals with little to no technical acumen to leverage ransomware-as-a-service platforms to extort money from organizations that are willing to pay ransoms to retrieve data. However, governments around the world are starting to marshal the technical and financial apparatus required to better combat the current ransomware scourge, she added.

The Cybersecurity and Infrastructure Security Agency (CISA) recently announced that a joint ransomware task force, as called for in the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), has officially been formed. The U.S. Federal Bureau of Investigation (FBI) will co-chair a task force focused on disrupting the illicit activities of cybercriminal gangs. The U.S. Department of Justice (DOJ), meanwhile, is also more aggressively tracking the illegal cryptocurrency transactions that are used to facilitate ransomware payments.

The resources that are collectively being brought to bear should make it much more difficult for many cybercriminals to engage in ransomware and also hold on to the funds they extort, noted Miller-Osborn.

It’s not likely ransomware will be entirely eliminated any time soon, but at least the sheer volume of it can be reduced. The danger is that, once thwarted, many cybercriminals will simply shift tactics in a way that could lead to a whole host of other cybersecurity challenges, said Miller-Osborn.

In the meantime, organizations will need to shift cybersecurity tactics as the threat landscape evolves and the overall size of the defensible attack surface continues to expand. The challenge is that, as always, the attackers only need to guess right once to potentially wreak havoc while cybersecurity teams need to be right thousands of times a day to thwart those attacks.

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.