Average ransom payment has gone up 71% in 2022

Palo Alto Networks' threat intelligence arm, Unit 42, has found that the average ransomware payment in cases worked by Unit 42 incident responders rose to US$925,162 (AU$1,288,867) during the first five months of 2022, approaching the unprecedented US$1 million mark, a 71 per cent increase from last year.

Reporter
Fri, 10 Jun 2022

That figure, according to Palo Alto Networks' Unit 42 team, excludes the additional costs victims incur, including remediation expenses, downtime, reputational harm, and other damages.

The average payment in cases worked by Unit 42's consultants in 2020 was US$300,000 (AU$417,938), and the majority of transactions seen by incident responders in 2016 were US$500 (AU$697) or less. This year's findings highlight the staggering trajectory.

According to Sean Duca, vice president and chief security officer for Palo Alto Networks Asia Pacific and Japan, the sharp increase highlights just how critical robust cyber security policies and protections are for businesses today.


"Cyber criminals know where the money is.

"The average ransomware payment has soared to more than $1.2 million this year, which is triple the amount we saw in 2020 and thousands of times more than what was paid in 2016.

"As Australia becomes increasingly linked to the global economy and our lives move further online, business leaders and governments must be vigilant in protecting their critical IP and infrastructure, as this growth trajectory is likely to continue," Duca said.

Details of about seven new victims on average are posted each day on the dark web leak sites that ransomware gangs use to coerce victims into paying ransoms.

Known as "double extortion", the technique increases pressure on victims by adding a layer of public humiliation to the difficulty of losing access to files: the gangs identify victims and share purported snippets of sensitive data stolen from their networks. According to Unit 42's ongoing analysis of leak site data globally, the rate of double extortion translates into one new victim every three to four hours.

This global digital crime spree has been fuelled by cyber criminals' relentless introduction of increasingly sophisticated attack tools, extortion techniques, and marketing campaigns. The cyber extortion crisis continues partly because the ransomware-as-a-service (RaaS) business model has lowered the technical bar for entry, making these powerful tools accessible to wannabe cyber extortionists through easy-to-use interfaces and online support.

This year's growth in payments has been pushed up by two multi-million-dollar ransoms – one to a rising group, Quantum Locker, and one to LockBit 2.0, which has been the most active ransomware gang on double-extortion leak sites so far this year.
