Skip to main content

Average ransom payment through the roof in 2021

(Image credit: Image source: Shutterstock/Martial Red)

Compared to the same period last year, the average ransom paid to ransomware attackers in the first half of 2021 rose by 82 percent, new figures from cybersecurity firm Unit 42 suggest.

After analyzing “dozens” of ransomware cases that took place in the first half of the year, Unit 42 concluded that the average ransomware payment hit $570,000, up from $312,000 a year ago. 

Criminals also seem to be getting bolder, as the average ransom demand also spiked - by 518 percent. While in 2020, the average demand sat at $847,000, this year it's $5.3 million.

The single highest demand so far this year is $50 million, up from $30 million last year. Unit 42 also said REvil operators recently started offering a universal decryption key to all firms affected by the Kaseya attack for $70 million, only to later lower the price to $50 million. Kaseya later got the universal key, but did not disclose whether it paid for it, or how much. 

The biggest payment this year so far was made by JBS SA, at $11 million. Last year, the largest payment recorded was $10 million.

Ransomware operators are constantly evolving their methods. What started as a “simple” extortion attack (encrypt all of the data and demand payment for the decryption key) soon turned into a double-extortion attack (data theft and encryption), once businesses started deploying backups. 

Now, Unit 42 has started noticing quadruple extortion attacks (encryption, data theft, DDoS, threats and pressure), although these are not particularly widespread (yet).

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.