
The average ransomware payment nearly tripled to $312,493 in 2020, from the Unit 42 Ransomware Threat Report


The Unit 42 Ransomware Threat Report shows a surge in ransom amounts, double extortion and attacks on medical institutions

Ransomware is one of the biggest threats in cybersecurity. According to data from the Identity Theft Resource Center, there were 878 cyberattacks in 2020, of which 18% were ransomware. This threat is one of the focus areas of Palo Alto Networks.

To assess the current state of the ransomware threat, the Palo Alto Networks threat intelligence team Unit 42 and the incident response team The Crypsis Group cooperated to analyze the ransomware threat landscape in 2020 (research on global data from Unit 42 and on Crypsis data from the United States, Canada and Europe).

The report details the most important ransomware variants (with threat assessment links for each variant), average ransomware payments, ransomware forecasts, and actionable steps to immediately reduce the risk of ransomware.

Cyber criminals earn and demand more money than ever before

The average ransom paid by enterprises increased from US $115,123 in 2019 to US $312,493 in 2020, a year-on-year increase of 171%. In addition, the maximum ransom paid by businesses doubled from 2019 to 2020, from $5 million to $10 million. At the same time, cyber criminals are becoming greedier. From 2015 to 2019, the highest ransom demanded was $15 million. In 2020, the highest ransom demanded increased to US $30 million.

It is worth noting that the average ransom demanded by Maze ransomware in 2020 was US $4.8 million, a significant increase compared with the 2020 average of US $847,344 across all ransomware. Cyber criminals know that they can make money through ransomware, and they are becoming bolder in their ransom demands.

Medical institutions become new targets

The world changed because of COVID-19. Ransomware operators took advantage of the pandemic to prey on enterprises, especially in the medical industry, which became the industry most targeted by ransomware in 2020. Ransomware operators brazenly try to earn as much money as possible in these attacks, because they know that medical institutions need to keep operating to treat COVID-19 patients and help save lives, cannot bear the consequences of their systems being locked, and are more likely to pay the ransom.

Ryuk stands out among the many ransomware families. In October 2020, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the Department of Health and Human Services (HHS) jointly issued a cybersecurity alert warning medical institutions about Ryuk ransomware attacks.

The rise of double extortion

In a common ransomware attack, the operators encrypt data and force victims to pay a ransom to unlock it. In double extortion, ransomware operators both encrypt and steal data to further coerce victims into paying. If the victims do not pay, the operators publish the data on leak sites or the dark web. Most data leak sites are hosted on the dark web, and these hosting sites are created and managed by the ransomware operators. At present, at least 16 different ransomware variants threaten to leak data or use leak sites, and more variants may continue this trend.

The ransomware family that used this tactic the most is NetWalker. From January 2020 to January 2021, NetWalker leaked the data of 113 victim organizations around the world (see the figure below), far more than any other ransomware. RagnarLocker ranked second, leaking data from 26 organizations around the world. It is worth mentioning that in January 2021, the U.S. Department of Justice announced that it would coordinate international law enforcement action to dismantle the NetWalker ransomware gang. The dark web domain managed by the NetWalker operators, which hosted the leaked data, is no longer accessible.

Figure: number of victim organizations worldwide whose data was published on leak sites, by ransomware family, January 2020 to January 2021


Defending against ransomware attacks is similar to defending against other malware. However, the risk to the enterprise is much higher.

Initial access

Initial access is relatively consistent across all ransomware variants. Enterprises should maintain user awareness and training on e-mail security, and consider how to identify and remediate malicious e-mail as soon as it enters an employee's mailbox. Enterprises should also ensure appropriate patch management and review which services may be exposed to the Internet. Remote desktop services should be properly configured and secured, applying the principle of least privilege wherever possible, with a policy in place to detect patterns associated with brute-force attacks.

Backup and recovery process

Enterprises should continue to back up data and plan an appropriate recovery process in advance. Ransomware operators will encrypt on-site backups, so enterprises should ensure that all backups are stored securely offline. The recovery process must be implemented and rehearsed with key stakeholders to minimize downtime and reduce costs in the event of a ransomware attack.

Security controls

The most effective forms of ransomware protection are endpoint security, URL filtering or web protection, advanced threat prevention (unknown threats / sandboxing) and anti-phishing solutions deployed to all enterprise environments and devices. Although these do not fully guarantee prevention, they greatly reduce the risk of infection by common variants and provide stopgap measures, allowing one technology to offer a line of enforcement when another may not be effective.

About Palo Alto Networks

As a global cybersecurity leader, Palo Alto Networks is using its advanced technology to reshape the cloud-centric future, changing the way people and organizations operate. Our mission is to become the preferred cybersecurity partner and protect people's digital way of life. With our continuous innovation and breakthroughs in artificial intelligence, analytics, automation and orchestration, we help our customers cope with the most serious security challenges in the world. By delivering integrated platforms and promoting the continuous growth of partner ecosystems, we are always at the forefront of security, protecting tens of thousands of organizations across cloud, network and mobile devices. Our vision is to build an increasingly secure world.

About Unit 42

Unit 42 is the global threat intelligence team of Palo Alto Networks. It is a recognized authority in the field of cyber threat defense, and many enterprises and government agencies around the world often turn to it for help. Our analysts are experts in finding and gathering unknown threats and fully reverse engineering malware using code analysis. With this expertise, we provide high-quality, in-depth research to gain insight into the tools, techniques, and procedures that threat actors use to compromise organizations. Our goal is to provide as much background information as possible to explain the specific details of an attack, who carried it out and why, so that security personnel around the world can understand the threat and better defend against it.
