Why Are Ransomware Attacks and Ransoms Soaring?

April 15, 2022

The ransomware business has been booming for cybercriminals of every type, from independent operators to nation-state groups. This constantly rising tide has left businesses of every size wondering if they’re next, and what they can do to stay safe, because both ransomware attacks and the ransoms that cybercriminals are demanding are on the rise, with several factors impacting risk for organizations including geography and nation-state activity. 


AI is the secret weapon you’re looking for to boost business email security. SEE WHY>>


Sector and Region Are Threat Variables 


Geography can be a factor in the likelihood that an organization will be a target of ransomware. The US has incurred a 127% year-to-date increase in the number of ransomware attacks while the UK has seen a 233% surge in ransomware infections. Digging down another level, it’s clear that organizations in the Americas are at the highest risk of a ransomware incident. The Americas was the region that took the brunt of ransomware attacks in 2021 at 60%, followed by Europe, the Middle East and Africa at 31%, and the Asia Pacific region at 9%. 

The most beleaguered sector of late 2021 was Banking and Finance, the target of almost one-quarter (22%) of ransomware attacks in the last part of 2021. Banking and Finance targets had an especially bad first half of the year, enduring a 1,318% increase in hits in Q1 and Q2. One-fifth of ransomware attacks (20%) in the last half of the year were aimed at utility companies. Over 1,300 organizations in the Utilities sector including critical services, infrastructure, and supporting industrial targets were impacted by ransomware in 2021. Retailers take third place on the target list with organizations in that sector enduring 16% of ransomware attacks in late 2021. 

Which Industries Faced the Most Ransomware Attacks? (By Percentage of Total Attacks) 

Banking 22% 
Utilities 20% 
Retail 16% 

Source: Trellix 


The road to security success begins with 5 Steps to Ransomware Readiness! GET IT>>


Geopolitical Factors Play a Role 


The elevated risk that businesses face right now has also been exacerbated by high levels of nation-state activity surrounding the prolonged Russia-Ukraine conflict. Nation-state cybercriminals have been reaching farther afield than in the past. The 2021 Microsoft Digital Defense Report showed that 90% of advanced persistent threat groups (APTs) regularly attack enterprises. In fact, the danger to businesses has grown grave. Just under 80% of all attacks that Microsoft researchers observed across nation-state actors targeted enterprises. The most common force behind nation-state attacks is Russia. Russia is the force behind 58% of nation-state attacks. Unfortunately for everyone else, Russia-aligned cybercrime groups have been improving their success rates. Russian nation-state actors are increasingly effective, jumping from a 21% successful compromise rate in 2020 to a 32% rate in 2021.  

Money is a big reason why ransomware is the nation-state cybercriminal’s chosen weapon. For isolated or rogue states like North Korea, it’s one of the few ways to bring in money. North Korea generated an estimated $1 billion in revenue from nation-state cybercrime in 2021. Experts expect that as Russia’s isolation grows, the government will lean hard on cybercrime to make up lost revenue, conscripting powerful Russia-based cybercrime syndicates to help pay the bills as they look for ways to make up the 30 billion erased from Russia’s gross domestic product. An estimated three-quarters of global ransomware revenue went to Russia-aligned cybercrime groups in 2021, raking in $400 million in cryptocurrency.  


Learn the secret to ransomware defense in Cracking the RANSOMWARE Code. GET BOOK>>


Ransom Demands Are Rising Constantly 


Cybercriminals have upped their prices, notching new record-high ransom demands. In Q1 2022, the average ransom demand rose 144% to $2.2 million and the average ransom payment rose 78% to $541,010. Of course, each group sets their own prices, and bigger, highly skilled groups can charge premium prices for a decryptor or other extortion payment. The Conti ransomware group’s demands averaged $1.78 million for the entire year and the top initial demand was $3 million. The REvil ransomware outfit made an average initial demand of $2.2 million to its victims.  

How much were cybercriminals asking for? Ransom amounts vary but a few consistent patterns give us a glimpse at what a victim organization may be facing. The IBM Cyber Resilient Organizations Study 2021 offers some insight.  Only 35% of the impacted organizations in this study reported that their ransom demand was less than $2 million. Instead, the majority (46%) said that cybercriminals demanded ransoms of $2 – 10 million from their organizations and 19% reported a ransom demand of $10 million to more than $50 million. That squares with a report in Tripwire detailing the average ransoms paid by organizations. Researchers concluded that average paid ransom amounts have increased by 82%. The average demand is now a record $570,000 (£414,000), compared with just $170,000 (£123,000) in 2020. 


Learn how incident response planning boosts cyber resilience & security. GET THE EBOOK>>


Some Industries Have More Risk


In the 2021 FBI Internet Crime Complaint Center (IC3) report, FBI analysts disclosed that IC3 received more than 2,000 ransomware complaints with more than $16 million in losses, a 20% increase in reported losses compared to the same time in 2020. Unfortunately, that puts a lot of businesses in a complicated position, especially if they’ve neglected their incident response planning and don’t have access to recent data backups. Researchers determined that an estimated two-fifths or 39% of ransomware victims choose to pay the cybercriminals responsible for the attack, even though cybersecurity experts, government agencies and legal authorities advise companies not to. Some industries definitely had it harder than others in 2021. 

Industry % Increase in Ransomware Attacks 
Governments and the Public Sector 1,885% 
Healthcare 775% 
Education 152% 
Retail 21% 

Source: Fortune Magazine 


See how ransomware rocks businesses in The Ransomware Road to Ruin. DOWNLOAD IT NOW>>


Automated Email Security is the Protection You Need 


One of the best ways to protect a company from ransomware is to protect it from phishing. An estimated 94% of ransomware arrives at businesses via email. These messages often use sophisticated social engineering techniques to entice employees to download an attachment, visit a malicious website or give up their credentials to cybercriminals. Stopping ransomware starts with stopping phishing messages from reaching employee inboxes, and AI-driven email security is the superior choice for doing just that.   

  • Sophisticated email security automation puts 3 layers of protection between your business and phishing messages   
  • Automated email solutions like Graphus catch 40% more malicious messages than conventional solutions or a SEG   
  • Smart AI never needs threat reports, instead using over 50 points of comparison to sniff out targeted spear phishing, ransomware, zero-day attacks and other complex threats.   

Don’t wait until you’re paying the bills for a ransomware attack to improve your email security – 60% of companies that are hit by a cyberattack go out of business. Stop phishing immediately with Graphus – the most simple, automated and affordable phishing defense available today. Contact one of our solutions specialists today and put protection that never takes a day off to work for your business.  


Stay safe from even the most sophisticated cyberattacks and social engineering scams

Put the powerful TrustGraph® AI of Graphus to work for your business, and in minutes you’ll get a powerful, easy-to-use, and customizable EmployeeShield® against phishing attacks.
Get a Demo of Graphus