Average ransom payouts increased by 178% in the third quarter of this year, from $84,000 (£63,000) to almost £234,000, compared with the year before.
Ransomware payments reached record highs in 2020 as employees shifted to remote working to curb the spread of the coronavirus pandemic, creating more attack vectors for hackers.
Ransomware is a type of malicious attack where a criminal encrypts files then threatens to publish them unless a demanded ransom is paid.
Cybercriminals expect larger payouts when they target bigger companies, steal more data, or if the information stolen is extremely sensitive. Instead of stealing user email addresses, hackers now often target financial details, personal information like social security numbers and police reports.
According to data from Atlas VPN, there were 78.4 million ransomware attacks detected during the period, compared to 41 million in the same three months a year ago.
Not only is the average ransom payout increasing rapidly, but the frequency of attacks is similarly hitting all-time highs. Ransomware attacks rose by 91% in a year.
Rachel Welch, chief operating officer of Atlas VPN, said: “The increase in average ransomware payout shows that hackers are successful in bigger-scale attacks or intrude into databases that contain extremely sensitive data, such as credit card details.”
The total ransomware attacks in the first three quarters of 2020 amounted to $199.8m, a 40% rise in attacks compared with $142.4m in 2019.
The COVID-19 pandemic was the main culprit behind the increase in attacks. Due to lockdowns, many office workers gained access to corporate Windows workstations or servers via Microsoft’s Remote Desktop Protocol (RDP). This created more points of attack for cybercriminals.
To hack into the company's system, fraudsters systematically attempt numerous username and password combinations until the correct one is found.
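For defenders, this kind of credential guessing against RDP leaves a trail of failed logons from one source address. The sketch below is an added example, not code from the article or from Atlas VPN; it assumes Windows Security events have been exported to a simplified CSV layout (time, event ID, logon type, account, source IP), and the sample records, threshold and window are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real logs): time, event ID, logon type, account, source IP.
# 4625 = failed logon, 4624 = successful logon; type 10 = RemoteInteractive (RDP),
# type 3 = Network (how RDP failures appear when Network Level Authentication is on).
SAMPLE = """\
2020-11-02T09:00:01,4625,3,admin,203.0.113.7
2020-11-02T09:00:04,4625,3,administrator,203.0.113.7
2020-11-02T09:00:09,4625,3,backup,203.0.113.7
2020-11-02T09:00:15,4625,3,jsmith,203.0.113.7
2020-11-02T09:00:21,4625,3,jsmith,203.0.113.7
2020-11-02T09:00:30,4624,10,jsmith,203.0.113.7
2020-11-02T09:05:00,4625,10,mlee,198.51.100.20
2020-11-02T09:05:40,4624,10,mlee,198.51.100.20
"""

def detect_rdp_guessing(text, threshold=5, window=timedelta(minutes=5)):
    """Return alerts for source IPs with >= threshold failed logons inside the window."""
    failures = defaultdict(deque)   # source IP -> recent (time, account) failures
    alerts = []
    for line in text.strip().splitlines():
        ts, event_id, logon_type, account, src = line.split(",")
        if logon_type not in ("3", "10"):
            continue                  # ignore local, service and other logon types
        now = datetime.fromisoformat(ts)
        recent = failures[src]
        while recent and now - recent[0][0] > window:
            recent.popleft()          # drop failures older than the window
        if event_id == "4625":
            recent.append((now, account))
            if len(recent) == threshold:
                users = sorted({a for _, a in recent})
                alerts.append(("guessing", src, users))
        elif event_id == "4624" and len(recent) >= threshold:
            # A success right after a burst of failures: treat as likely compromise.
            alerts.append(("success_after_guessing", src, [account]))
            recent.clear()
    return alerts

if __name__ == "__main__":
    for alert in detect_rdp_guessing(SAMPLE):
        print(alert)
```

The second source address, with a single mistyped password followed by a success, stays below the threshold and raises nothing.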
Atlas VPN has outlined tips for protecting against ransomware for both employees and employers:
First, employees should follow well-known cybersecurity practices, such as using 2-Factor Authentication (2-FA) whenever possible, not clicking on suspicious links, and updating their software and OS. These steps might seem like basic practices, but surprisingly, many people do not follow them.
Employers should set up employee training workshops where a security specialist shares security practices together with scenarios that could happen if these tips are not followed. Showcasing incidents that already happened in other companies could be of value to show employees how a single malicious link can cripple a company.