Unit 42, Palo Alto Networks’ threat intelligence arm, has found that the average ransomware payment in cases worked by its incident responders rose to US$925,162 during the first five months of 2022, approaching the unprecedented US$1 million mark and a 71 percent increase from last year.

That total amount, according to Unit 42, does not include the additional costs incurred by victims, including remediation expenses, downtime, reputational harm, and other damages.

The average payment in cases worked by Unit 42’s consultants in 2020 was US$300,000 (AU$417,938), and the majority of transactions seen by incident responders were US$500 (AU$697) or less in 2016. This year’s findings have highlighted the staggering trajectory.

According to Sean Duca, vice president and chief security officer for Palo Alto Networks Asia Pacific and Japan, the sharp increase highlights just how critical robust cyber security policies and protections are for businesses today.

Details of about seven new victims on average are posted each day on the dark web leak sites that ransomware gangs use to coerce victims into paying ransoms.

Known as “double extortion”, the technique increases pressure on victims by adding a layer of public humiliation to the difficulty of losing access to files: the gangs identify victims and share purported snippets of sensitive data stolen from their networks. According to Unit 42’s ongoing analysis of leak site data globally, the rate of double extortion translates into one new victim every three to four hours.

This global digital crime spree has been fuelled by cyber criminals’ relentless introduction of increasingly sophisticated attack tools, extortion techniques, and marketing campaigns. The cyber extortion crisis continues partly due to the ransomware-as-a-service (RaaS) business model that has lowered the technical bar for entry by making these powerful tools accessible to wannabe cyber extortionists with easy-to-use interfaces and online support.

This year’s growth in payments has been pushed up by two multi-million-dollar ransoms – one to a rising group, Quantum Locker, and one to LockBit 2.0, which has been the most active ransomware gang on double-extortion leak sites so far this year.

