$650,000 is the average asking price in a ransomware attack

$650,000 is the average asking price in a ransomware attack, according to Palo Alto Networks

In 1 in 5 cases, ransomware criminals resort to intimidation

Ransomware criminals are using increasingly aggressive techniques to pressure companies into giving in and paying ransom. This is according to the new 2023 Ransomware and Extortion Report from Palo Alto Networks’ UNIT 42 research group, which compared a thousand incidents from 2022 with the previous year.

Ransomware hackers are becoming more reckless, resorting to harassment in 1 in 5 cases, an increase of no less than 20 compared to 2021. It often involves phone calls or emails towards individual people in the organisation, usually managers or customers. Criminals also often use stolen customer data to demonstrate the potential damage they can cause.

$7 million

On average, ransomware gangsters demand $650,000 in ransom. However, companies worldwide pay much less than what the hackers hope for, $350,000 on average. This shows that negotiating actually matters, according to the UNIT 42 branch. Of all the incidents the Palo Alto Networks research group analysed, the highest asking price was no less than $7 million.

Other trends from the report:

  • Combined attacks: Ransomware groups are increasingly using different attack techniques together to increase pressure on companies. For example, they may combine data encryption with data theft, a DDos attack and intimidation. In 70% of ransomware incidents last year, the UNIT 42 branch also noted some form of data theft. That’s 30% more than in 2021.
  • New groups: Every day, Palo Alto Networks’ research group sees an average of 7 new ransomware victims. That’s one victim every 4 hours. 57% of the groups on websites with stolen information are established actors such as BlackCat or Lockbit. The rest, 43%, are new groups looking to disrupt the existing order.


Some striking figures from the report are:

  • In 2022, 30 companies from the Forbes Global 2000 list fell victim to an extortion attack.
  • The manufacturing industry is the favourite target of criminals in 2022. UNIT 42 was able to find 447 manufacturing companies on websites with stolen information.


Of the thousand ransomware incidents that Palo Alto Networks’ UNIT 42 unit was able to analyse, 26 of them came from Belgium. 10 of these could be linked to the Lockbit 2.0 group, eight to the Lockbit 3.0 grouping and two to Black Basta, a ransomware-as-a-service collective created in April 2022.

About Palo Alto Networks

Palo Alto Networks is the world’s cybersecurity leader. We innovate to outpace cyberthreats, so organizations can embrace technology with confidence. We provide next-gen cybersecurity to thousands of customers globally, across all sectors. Our best-in-class cybersecurity platforms and services are backed by industry-leading threat intelligence and strengthened by state-of-the-art automation. Whether deploying our products to enable the Zero Trust Enterprise, responding to a security incident, or partnering to deliver better security outcomes through a world-class partner ecosystem, we’re committed to helping ensure each day is safer than the one before. It’s what makes us the cybersecurity partner of choice.