Ransomware attacks are now more sophisticated and costly- what can organizations do?

Last updated: July 16, 2023 Reading time: 5 minutes
Ransomware attacks are now more sophisticated and costly- what can organizations do?

The year 2021 has met with a sky-high record of increase in Ransomware demand and Payments. The number of ransomware gangs increases alongside Dark Web “leak sites,” pressuring victims into paying a ransom. 

Some of the most alarming statistics that are evident within the Palo Alto Networks Unit 42 Ransomware threat report are as follows:

  • 144% rise in average ransomware demand in 2021 to $2.2m
  • 78% rise in average recorded payment that averages to a sum of $541,010. 
  • The number of victims whose data was exposed in leak sites rose 85% in 2021 

According to the vice president of threat intelligence at unit 42, Ryan Olsen, “Cybercriminals are doubling down by finding additional ways to extort victims in conjunction with ransomware.”

The rise in ransomware is probably owing to some new techniques that cybercriminals are now deploying. As the Dark Web leak sites became famous in 2020, cybercriminals used them to identify ransomware victims, threatening to leak corporate information. However, in 2021, ransomware gangs started popularizing multi-extortion techniques.

These techniques have somewhat evolved the way ransomware occurs now. While the traditional data encryption and theft methods are ongoing, ransomware gangs threaten to launch a DDoS attack on the organization’s infrastructure or network if the negotiations demand fail. In case the negotiations fail, the organizations have to face the impending danger of data leaks.  

The appearance of more ransomware gangs is another problem

It is not only the evolution of malware that is a significant concern for organizations and security professionals alike. The modern threat landscape sees the appearance of more new ransomware gangs along with some re-emergence. The same report highlights:

  • Conti ransomware is responsible for most criminal activity 
  • REvil or Sodinokibi is responsible for 7.1% of ransomware attacks 
  • Hello, Kitty and Phobos each score 4.8% in their attack frequency. 

Similarly, the report highlights the emergence of 35 new ransomware gangs in 2021. Some of the most significant ones are:

  • Black Matter
  • Hive
  • Grief
  • BlackCat 

While the emergence of these gangs is already a significant cause of concern, it does lead to the next big question.

Are ransomware attacks increasing in sophistication and number? 

Considering the emergence of these significant ransomware gangs, it is evident that the attacks are likely to almost double in size. According to the report, it is precisely what Checkpoints’ mid-year security report found in August 2021, according to the report. The report highlights that the attacks occurring during the year’s first half had increased by 93%.

 However, cybercrimes continue to evolve, and like every other industry, competition within the cybercriminal world is likely to increase. It is, therefore, possible that in an attempt to outdo the other, these gangs are likely to streamline their cyber attacks.

Therefore, the sophistication in ransomware attacks is bound to happen. The UK National Cyber Security Center highlighted in February 2022 that the ransomware attacks conducted over the past 12 months contained new sophistication. Criminal gangs have a much more professional tactic and target impactful victims. As mentioned above, cybercriminals now take on more evolved methods of targeting victims along with traditional ones. Some of the actions include:

  • Stealing sensitive data from organizations that they often threaten to release publicly in case payments are made
  • Targeting organization customers, suppliers, and business arenas 
  • Launching DDoS attacks in case payments are not made 

Amidst this, ransomware is a theta that is likely to increase in the future. There does not seem to be a possible way that this threat will die down, so organizations must enable security.

How can organizations ensure security?

Ransomware is one of the rising cybersecurity problems that organizations have to fret over. According to a study by the World Economic Forum, 80% of cybersecurity leaders view ransomware as dangerous and evolving. Amidst this, organizations must enable robust security measures to combat the threat.

While no security solution is perfect, an organization can build a secure cybersecurity infrastructure to help prevent the rising ransomware issue. Some of the methods that they can practice are as follows:

Enable endpoint security through antimalware 

Endpoint security is the most crucial element in enabling a robust cybersecurity infrastructure. Since ransomware continues growing exponentially, an organization must invest in a secure antimalware program

Most antimalware programs contain a whitelist of known ransomware. Some of the best antimalware software regularly update these lists allowing users to stay secure. The antimalware software scans every file, document, hardware, or software that enters the network system, cross-matching them from its white list to ensure no possible infection signs. It significantly helps organizations remain safe from ransomware and malware attacks.

Build a secure incident response plan 

Ransomware attacks are sneaking; if they manage to sneak past an organization’s security measures, it is crucial to remain prepared. Building a proactive incident response plan can help an organization remain safe from the worst impact of a ransomware attack.

Some key components that an organization can include within their incident response plan are ensuring they have data backups that they can turn towards to keep themselves afloat while negotiations with cybercriminals continue. Moreover, it is also cruel that the organization keeps up a ransomware budget to pay the ransom if things take a turn for the worst and prevent data leaks and DDoS attacks.

Invest in data security

Data security and privacy are one of the most crucial factors in mitigating almost every cyber threat. Since data is the most valuable asset that cybercriminals target, it is essential to enable secure data security.

Organizations must store their data within an encrypted vault while ensuring data encryption. With this, in case of a ransomware attack, the cybercriminal won’t be able to leak information publicly. Moreover, in the case of hybrid working setups, employees must use VPNs to ensure secure data transfer and communication.


Since ransomware is a threat that will continue to increase, and there seem to be chances of it ceasing soon, remaining security has become essential. Fortunately, as cybercriminals continue to sophisticate their attacks, cybersecurity leaders and professionals have come up with various effective methods of enabling robust security.

Share this article

About the Author

Waqas is a cybersecurity journalist and writer who has a knack for writing technology and online privacy-focused articles. He strives to help achieve a secure online environment and is skilled in writing topics related to cybersecurity, AI, DevOps, Cloud security, and a lot more. As seen in: Computer.org, Nordic APIs, Infosecinstitute.com, Tripwire.com, and VentureBeat.

More from Iam Waqas

Related Posts