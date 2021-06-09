The rising cost reflects the greater complexity of some attacks, said John Shier, senior security adviser at Sophos, who added that while the number of attacks had dropped, their sophistication had risen.

"It looks like they are trying to be more purposeful," Shier said. "So they're breaching companies, understanding exactly what company they breached and trying to penetrate as fully as possible, so that they can then extract as much money as possible."

New threats

Both Shier and Malatras pointed to the latest threat of a "triple extortion," in which ransomware attackers freeze up data on a target's systems through encryption, and extract it so they can threaten to publish it online. They said the attackers then adopt a third phase, using that data to attack the target's systems and blackmail its clients or contacts.

"If you are a customer of this company whose data has been stolen, they'll threaten to release your information or they'll also call other companies that are your partners," said Shier. He added the highest ransom payment he had heard of was $50 million.