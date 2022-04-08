Friday, 8 April, 2022 - 11:19

Ransomware payments hit new records in 2021 as cybercriminals increasingly turned to Dark Web "leak sites" where they pressured victims to pay up by threatening to release sensitive data, according to research released today from Unit 42 by Palo Alto Networks (NASDAQ: PANW), the global cybersecurity leader.

The average ransom demand in cases worked by the Palo Alto Networks Unit 42 security consultants rose 144% in 2021 to $2.2 million, while the average payment climbed 78% to $541,010.

"Ransomware attacks against New Zealand organisations increased from two to six in 2021, a concerning trend that is in line with the changing global threat landscape. New Zealanders are more aware of this looming threat than ever before, with a string of high profile attacks last year against the Reserve Bank of New Zealand, Waikato District Health Board, New Zealand Post and Metservice," said Misti Landtroop, Managing Director, Palo Alto Networks New Zealand.

"New Zealand cyber security research conducted by Palo Alto Networks in 2021 found that one in three New Zealand business owners are concerned about cyber security threats against their organisation and that one in four believe that their organisation does not invest enough in cyber security. As ransomware attacks increase posing a risk to our critical infrastructure, healthcare, education and energy sectors, New Zealand organisations must prioritise awareness and investment in cyber security to reduce vulnerability," added Landtroop.

The Conti ransomware group was responsible for the most activity, accounting for more than 1 in 5 of cases worked by Unit 42 consultants in 2021. REvil, also known as Sodinokibi, was No. 2 at 7.1%, followed by Hello Kitty and Phobos (4.8% each). Conti also posted the names of 511 organisations on its Dark Web leak site, the most of any group.

The report describes how the cyber extortion ecosystem grew in 2021, with the emergence of 35 new ransomware gangs. It documents how criminal enterprises invested windfall profits into creating tools that are easier to use in attacks that increasingly leverage zero-day vulnerabilities.

The number of victims whose data was posted on leak sites rose 85% in 2021 to 2,566 organisations, according to Unit 42’s analysis. Some 60% of leak site victims were in the Americas, followed by 31% for Europe, the Middle East and Africa, and then 9% in the Asia-Pacific region. The most affected vertical industries were Professional and Legal Services, Construction, Wholesale and Retail, Healthcare, and Manufacturing.

Detailed commentary, analysis and breakdowns on activity by region, industry and ransomware groups are available in the report, which can be downloaded from the Palo Alto Networks website. A summary of the report is available on the Unit 42 blog.

