Saudi Press

Saudi Arabia and the world
Monday, Jun 30, 2025

Ransomware criminals' demands rise as aggressive tactics pay off

Ransomware criminals' demands rise as aggressive tactics pay off

Average ransomware demands and payments are up as criminal enterprises pour money into the profitable operations

Ransomware gangs are getting greedier as aggressive tactics pay off.

The ransomware crisis just keeps getting worse as criminal enterprises pour money into highly profitable ransomware operations, according to a report from Palo Alto Networks’ Unit 42 security consulting group.

The average ransomware payment climbed 82% to a record $570,000 in the first half of 2021 from $312,000 in 2020.


And criminal gangs are upping demands. The average ransom demand so far this year is $5.3 million, surging 518% from 2020 when the average demand was $847,000. That’s because too often it works.

"Ransomware attacks have prevented us from accessing work computers, pushed up meat prices, led to gasoline shortages, shut down schools, delayed legal cases, prevented some of us from getting our cars inspected and caused some hospitals to turn away patients," the report said.

For a single victim, the largest ransom demand seen by Unit 42 consultants rose to $50 million in the first half of 2021 from $30 million last year.

Ransomware gangs are getting greedier as aggressive tactics pay off.


Larger demands and ransoms mean gangs are getting creative, as the July Kaseya VSA attack shows.

REvil, a notorious ransomware-as-a-service criminal business enterprise, offered a "universal decryption key" to all of the organizations hit by the attack in return for a $70 million payment.

"Though it quickly dropped the asking price to $50 million. Kaseya eventually obtained a universal decryption key, but it’s unclear what payment was made, if any," Unit 42 said.

This year, the largest confirmed payment was the $11 million that JBS SA said it paid after an attack in June.

Quadruple extortion


The rise of "quadruple extortion" is one of the most ominous trends, said Unit 42, whose consultants handled "dozens" of ransomware cases in the first half of 2021.

"While it’s rare for one organization to be the victim of all four techniques, this year we have increasingly seen ransomware gangs engage in additional approaches when victims don’t pay up after encryption and data theft," Unit 42 said.

These four tactics are:

Encryption:


Victims pay to regain access to computer systems after key files get encrypted. This is classic ransomware.

Data theft:


Hackers release sensitive information if a ransom is not paid. This tactic took hold in 2020.

Denial of service (DoS):


Ransomware gangs launch denial of service attacks that bring down a victim’s public websites.

Harassment:


"Cybercriminals contact customers, business partners, employees and media to tell them the organization was hacked," the report said.

And as ransomware enterprises mature, the sophistication of attacks grows.

For instance, Unit 42 is starting to see ransomware gangs target a type of software known as a hypervisor.

Also expect to see more targeting of so-called managed service providers (MSPs) and their customers after the Kaseya attack, which spread to clients of MSPs, Unit 42 said.

Some gangs, however, will continue to focus on the "low end of the market...regularly targeting small businesses that lack resources to invest heavily in cybersecurity," the report said. Those ransom payments typically range from $10,000 to $50,000.

Newsletter

Related Articles

Saudi Press
0:00
0:00
Close
China Unveils Miniature Insect-Like Surveillance Drone
Marc Marquez Claims Victory at Dutch Grand Prix Amidst Family Misfortune
Iran Executes Alleged Israeli Spies and Arrests Hundreds Amid Post-War Crackdown
Trump Asserts Readiness for Further Strikes on Iran Amid Nuclear Tensions
Iran's Parliament Votes to Suspend Cooperation with Nuclear Watchdog
Trump Announces Upcoming US-Iran Meeting Amid Controversial Airstrikes
Trump Moves to Reshape Middle East Following Israel-Iran Conflict
NATO Leaders Endorse Plan for Increased Defence Spending
U.S. Crude Oil Prices Drop Below $65 Amid Market Volatility
Explosions Rock Doha as Iranian Missiles Target Qatar
“You Have 12 Hours to Flee”: Israeli Threat Campaign Targets Surviving Iranian Officials
Oman Set to Introduce Personal Income Tax, First in Gulf
Germany and Italy Under Pressure to Repatriate $245bn of Gold from US Vaults
Iran Intensifies Crackdown on Alleged Mossad Operatives After Sabotage Claims
Trump Praises Iran’s ‘Very Weak’ Response After U.S. Strikes and Presses Israel to Pursue Peace
WATCH: Israeli forces show the aftermath of a massive airstrike at Iran's Isfahan nuclear site
We have new information and breaking details to share about what is shaping up to be a historic air campaign tonight
Six Massive Bombs Dropped on Fordow; Trump: 'A Historic Moment for the U.S., Israel, and the World'
Fordow: Deeply Buried Iranian Enrichment Site in U.S.–Israel Crosshairs
United States Conducts Precision Strikes on Iran’s Nuclear Sites
US strikes Iran nuclear sites, Trump says
Pakistan to nominate Trump for Nobel Peace Prize.
Israel Confirms Assassination of Quds Force Commander in Tehran
16 Billion Login Credentials Leaked in Unprecedented Cybersecurity Breach
Senate hearing on who was 'really running' Biden White House kicks off
G7 Leaders Fail to Reach Consensus on Key Global Issues
Mass exodus in Tehran as millions try to flee following Trump’s evacuation order
Iranian Military Officers Reportedly Seek Contact with Reza Pahlavi, Signal Intent to Defect
Vietnam Emerges as Luxury Yacht Destination for Ultra‑Rich
China's Iranian Oil Imports Face Disruption Amid Escalating Middle East Tensions
Trump Demands Iran's Unconditional Surrender Amid Escalating Conflict
Israeli Airstrike Targets Iranian State TV in Central Tehran
President Trump is leaving the G7 summit early and has ordered the National Security Council to the Situation Room
Netanyahu Signals Potential Regime Change in Iran
Analysts Warn Iran May Resort to Unconventional Warfare
Iranian Regime Faces Existential Threat Amid Conflict
Energy Infrastructure Becomes War Zone in Middle East
Iran Conducts Ballistic Missile Launches Amid Heightened Tensions with Israel
Iran Signals Openness to Nuclear Negotiations Amid Ongoing Regional Tensions
Shock Within Iran’s Leadership: Khamenei’s Failed Plan to Launch 1,000 Missiles Against Israel
Trump's Anti-War Stance Tested Amid Israel-Iran Conflict
UK Deploys Jets to Middle East Amid Rising Tensions
Exiled Iranian Prince Reza Pahlavi Urges Overthrow of Khamenei Regime
Wreck of $17 Billion San José Galleon Identified Off Colombia After 300 Years
Iran Launches Extensive Missile Attack on Israel Following Israeli Strikes on Nuclear Sites
Israel Issues Ultimatum to Iran Over Potential Retaliation and Nuclear Facilities
Black Box Recovered from Air India Crash Site
Coinbase CEO Warns Bitcoin Could Supplant US Dollar Amid Mounting National Debt
Trump to Iran: Make a Deal — Sign or Die
Operation "Like a Lion": Israel Strikes Iran in Unprecedented Offensive
×