Cyber extortion surges 78 percent on spread of ransomware-as-a-service

By Jim Tyson for CFODive.com

• The average ransomware payment to cybercriminals surged 78% last year to $541,010, fueled in part by the rapid spread of ransomware-as-a-service (RaaS) business models that reduce barriers to entry for cyber extortionists, Palo Alto Networks said.

• Ransomware attacks “show no signs of slowing down,” according to Ryan Olson, vice president of threat intelligence at Palo Alto Networks. “The long-term effects of these ransomware attacks can be devastating, going beyond the actual cost of the ransom to include a number of ancillary costs associated with downtime, remediation and disruptions to business,” the company said in a report.

• Ransomware criminals last year targeted companies in the Americas in 60% of their attacks and demanded on average $2.2 million from their victims, a 144% increase compared with 2020, Palo Alto Networks said.

CFOs and their C-suite colleagues last year faced a record onslaught of cybercrime, according to the FBI.

Ransomware, “business email compromise” schemes and the criminal use of cryptocurrency were the leading causes of internet crime complaints to the FBI last year, pushing up reported abuses 7% compared with 2020 to a record 847,376. Potential losses exceeded $6.9 billion, the FBI said in a report.

“Ransomware tactics and techniques continued to evolve in 2021, which demonstrates ransomware threat actors’ growing technological sophistication,” the FBI said.

The frequency of ransomware attacks has increased “exponentially” in recent decades, in part because of the rise of cryptocurrencies, according to the Senate Committee on Homeland Security and Governmental Affairs. It cited estimates by a cybersecurity company that there were 623 million such attacks worldwide in 2021.

U.S. companies last year were the No. 1 target of ransomware hackers, facing 421 million attempted breaches, an increase of 98% compared with 2020, the Senate committee said in a report.

Cybercriminals most commonly infect targets with ransomware through phishing, remote desktop protocol exploitation and entry through software weaknesses, the FBI said this month.

The widespread shift to remote work and schooling after the start of the pandemic in 2020 “expanded the remote attack surface and left network defenders struggling to keep pace with routine software patching,” according to the FBI.

Ransomware criminals last year most frequently targeted healthcare, public health, financial services and information technology among organizations considered “critical infrastructure,” the FBI said.

“The tactics employed by these cybercriminals mirror the growing sophistication and maturity of the ransomware landscape,” Palo Alto Networks said.

Deploying “multi-extortion techniques,” attackers after encrypting the files of a company “name and shame” the victims and threaten to broaden their attacks to distributed denial of service or other disruptions to coerce victims to quickly pay ransoms, Palo Alto Networks said. Cybercriminals in 2021 released the names and proof of compromise for 2,566 victims, an increase of 85% compared with 2020.

“Extremely prolific” RaaS sponsors sell startup kits and support services to emerging cybercriminals, reducing the barrier to entry and speeding the introduction and spread of attacks, Palo Alto Networks said.

“RaaS operators offer a wide array of easy-to-use tools and services that make launching ransomware attacks almost as simple as using an online auction site,” Olson said. “They have perfected their malware, developed marketing strategies to recruit more affiliates and even built up technical support operations to help victims get back online once they pay their ransoms.”

Nearly three out of five (58%) companies take more than a month to recover from a ransomware attack, Palo Alto Networks said, citing a study.