"Ransom Demands Surge 45% in 2021"
According to new research conducted by Group-IB, the average ransom demand in 2021 was $247,000, 45% more than the previous year, with most threat actors trying to force payment via double extortion tactics. During the study, the Group-IB compiled its conclusions from an analysis of over 700 investigations undertaken by its incident response team. The researchers stated that the continued rise of ransomware is down to the proliferation of initial access brokers and ransomware-as-a-service offerings on the dark web. The researchers argued that more sophisticated threats made it harder for victims to recover. The average downtime from an attack rose from 18 to 22 days year-on-year. However, on the plus side, the researchers noted that attacker dwell time fell from 13 days to nine over the same period. That limits the time in which threat actors have to move laterally within networks, steal data, and deploy their ransomware payload. The researchers stated that data theft and threatened leakage were used in 63% of attacks last year as a method of forcing payment. Lockbit, Conti, and Pysa were the most aggressive in posting data to leak sites. However, it was two newcomers, Hive and Grief, that caught the eye of the researchers, making it on the top 10 list of ransomware gangs by number of victims posted to leak sites. The researchers noted that remote desktop protocol (RDP) remains the top vector for attacks (47%), followed by phishing (26%). More attacks were facilitated by exploits of public-facing applications last year (21%) than in 2020 (17%).