* [Blog](https://www2.paloaltonetworks.com/blog)
* [Network Security](https://www2.paloaltonetworks.com/blog/network-security/)
* [Network Perimeter](https://www2.paloaltonetworks.com/blog/network-security/category/network-perimeter/)
* Why the Evolution of Rans...

# Why the Evolution of Ransomware Calls for Next-Level Web Protection

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fnetwork-security%2Fransomware-attacks-advanced-url-filtering%2F)  
[](https://twitter.com/share?text=Why+the+Evolution+of+Ransomware+Calls+for+Next-Level+Web+Protection&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fnetwork-security%2Fransomware-attacks-advanced-url-filtering%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fnetwork-security%2Fransomware-attacks-advanced-url-filtering%2F&title=Why+the+Evolution+of+Ransomware+Calls+for+Next-Level+Web+Protection&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/network-security/ransomware-attacks-advanced-url-filtering/&ts=markdown)  
\[\](mailto:?subject=Why the Evolution of Ransomware Calls for Next-Level Web Protection)  
Link copied  
By [Ashraf Aziz](https://www.paloaltonetworks.com/blog/author/ashraf-aziz/?ts=markdown "Posts by Ashraf Aziz")  
Aug 09, 2022  
5 minutes  
[Network Perimeter](https://www.paloaltonetworks.com/blog/network-security/category/network-perimeter/?ts=markdown)  
[Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown)  
[Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown)  
[Advanced URL Filtering](https://www.paloaltonetworks.com/blog/tag/advanced-url-filtering/?ts=markdown)  
[Phishing](https://www.paloaltonetworks.com/blog/tag/phishing/?ts=markdown)  
[ransomware](https://www.paloaltonetworks.com/blog/tag/ransomware/?ts=markdown)  
[Ransomware-as-a-Service](https://www.paloaltonetworks.com/blog/tag/ransomware-as-a-service/?ts=markdown)  
[web security](https://www.paloaltonetworks.com/blog/tag/web-security-2/?ts=markdown)

Ransoms have come a long way since the days of a note constructed of cutout magazine letters being dropped in a target's mailbox. As with many other threats, they have evolved, becoming more sophisticated and perilous. The same is true for today's web threat landscape.

With organizations struggling to keep up with adversaries' advanced methods, the web has been left wide open for malicious attacks like phishing, malware, ransomware, and data theft. But among these different threats, ransomware has proven to be one of the most costly attacks and continues to thrive.

Ransomware attacks are constantly evolving, affecting organizations regardless of size, industry or location. According to [research](https://start.paloaltonetworks.com/unit-42-ransomware-threat-report.html) done by Palo Alto Networks Unit 42 threat intelligence research team, in 2021, the names and proof of compromise for 2,566 victims were publicly posted, marking an 85% increase compared to 2020. One of the leading factors contributing to this growth is the use of Ransomware-as-a-Service (RaaS). RaaS is a business run by cybercriminals, for cybercriminals, making the tools to launch ransomware attacks widely accessible for adversaries of all skill levels in exchange for monthly fees or a percentage of ransoms paid. Because of RaaS, the barrier to entry has been lowered, increasing the volume and frequency of ransomware attacks. And while ransomware attacks become more common, it is expected that the cost of these attacks will continue to grow.

According to Palo Alto Networks Unit 42 threat intelligence research team, the average demand of a ransomware attack in 2021 was [$2.2 million](https://start.paloaltonetworks.com/unit-42-ransomware-threat-report.html), a 144% increase from 2020, while the average payment was $541,000, a 78% increase from the previous year. As ransomware attacks become more frequent and payout demands soar, organizations are biding their time until they become the next target.
![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2022/08/word-image-7.png)
Average ransom demands compared to average ransom payments in 2020 and 2021, according to Unit 42 incident response data.

One of the most common ways adversaries deliver ransomware is through phishing emails, where their intent is to trick victims into clicking a malicious link or downloading an attachment that will then install ransomware on their device. Therefore, ransomware protection requires a two pronged approach, prevention of malware files and access to malicious domains (URLs). Studies have shown that 78% of organizations in 2021 received a phishing email loaded with ransomware or a link to download ransomware. Knowing that phishing is extremely common and its ties to ransomware attacks, it is more important than ever for security teams to prevent it. Studies have shown that 90% of today's security incidents include phishing, yet organizations still struggle to prevent them to this day. This is largely due to the various evasion techniques threat actors use to bypass security defenses. Common techniques for a malicious website to avoid detection include:

* **Use of new and never-before-seen URLs.** Attackers can easily bypass defenses by generating never-before-seen URLs that traditional offline web-crawlers fail to detect.
* **Hiding malicious content through cloaking.** Since web-crawlers do not analyze live web traffic, attackers can cloak malicious intent by first sending security scanners to benign content or a blank page before eventually launching the phishing page.
* \*\*Multi-step attacks and CAPTCHA challenges.\*\*Adversaries hide phishing content behind a series of benign steps, such as CAPTCHA challenges, to prevent web-crawlers from detecting the actual malicious content behind them.
* \*\*Single-use and short-lived links.\*\*With the help of automation tools, it is now cheaper and easier than ever before to generate a vast amount of new, never-before seen URLs. This allows adversaries to use a phishing page for mere seconds or minutes before switching to a new URL, making it difficult for security databases to track.
* \*\*Attacks within compromised websites.\*\*Attackers compromise legitimate and benign websites to establish a phishing page within it, allowing them to easily clear security defenses.

Adversaries have combated traditional security with these evasive techniques, allowing them to bypass security with ease. In fact, [90%](https://www.cyren.com/blog/articles/evasive-phishing-driven-by-phishing-as-a-service) of today's phishing kits include at least one of these evasive techniques. Unfortunately, this puts an immense amount of pressure on SOC teams to properly secure the web and prevent their organization from becoming the victim of a ransomware attack. No longer able to rely on legacy security using outdated methods, organizations need to adopt a solution with specific capabilities suited to detecting and preventing highly-evasive threats.

Palo Alto Networks has revolutionized web security with its [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering) solution, introducing the industry's only inline web protection engine that can detect and prevent evasive threats like phishing and ransomware attacks, all in real time. Using next-level analysis and inline prevention capabilities through the use of our inline deep learning modules, customers can defend against highly-evasive phishing attacks and avoid becoming the victim of a ransomware attack. Advanced URL Filtering offers visibility into categorized threats like ransomware, giving SOC teams the knowledge and context they need to create and enforce policies.

Unfortunately, web-based threats like ransomware are constantly evolving and can threaten an organization in multiple ways, which is why SOC teams must have a holistic approach to security. Palo Alto Networks offers best-in-class cloud-delivered security services, such as [Wildfire](https://www.paloaltonetworks.com/products/secure-the-network/wildfire), [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention) and [DNS Security](https://www.paloaltonetworks.com/network-security/dns-security), that all work together to ensure your entire enterprise is protected. Whether it be blocking malicious URLs used for ransomware, preventing data exfiltration through command-and-control attacks, or inspecting a malicious file loaded with malware, these best-in-class services give customers comprehensive protection against ransomware attacks.

To learn how you can use Advanced URL Filtering to stop your organization from falling victim to ransomware attacks, [visit Palo Alto Networks](https://www.paloaltonetworks.com/network-security/advanced-url-filtering).

To better help you identify any vulnerabilities and risks in your business, request a complimentary Security Lifecycle Review assessment. This evaluation will give you actionable intelligence and recommendations on how to reduce your organization's overall risk exposure. Request your [free assessment](https://start.paloaltonetworks.com/security-lifecycle-review-risk-assessment.html) today.

*** ** * ** ***

## Related Blogs

### [Data Security](https://www.paloaltonetworks.com/blog/network-security/category/data-security/?ts=markdown), [IoT Security](https://www.paloaltonetworks.com/blog/network-security/category/iot-security/?ts=markdown), [Network Perimeter](https://www.paloaltonetworks.com/blog/network-security/category/network-perimeter/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown)

[#### Improving Phishing Detection, DNS and Industrial OT Security: The Always Innovating Series](https://www2.paloaltonetworks.com/blog/network-security/always-innovating-network-security-platform/)

### [Network Perimeter](https://www.paloaltonetworks.com/blog/network-security/category/network-perimeter/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown)

[#### Innovations in Web Security to Stop Evasive Threats](https://www2.paloaltonetworks.com/blog/network-security/dns-security-advanced-url-filtering/)

### [AI Security](https://www.paloaltonetworks.com/blog/category/ai-security/?ts=markdown), [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Hybrid Cloud Data Center](https://www.paloaltonetworks.com/blog/network-security/category/hybrid-cloud-data-center/?ts=markdown), [IoT Security](https://www.paloaltonetworks.com/blog/network-security/category/iot-security/?ts=markdown), [Network Perimeter](https://www.paloaltonetworks.com/blog/network-security/category/network-perimeter/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Strata Network Security Platform](https://www.paloaltonetworks.com/blog/network-security/category/strata-network-security-platform/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown)

[#### Palo Alto Networks Leads the Way with Quantum and Multicloud Security](https://www2.paloaltonetworks.com/blog/2025/08/paves-way-for-quantum-ready-security/)

### [IoT Security](https://www.paloaltonetworks.com/blog/network-security/category/iot-security/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown)

[#### 5 Common Cybersecurity Threats and How to Prevent Them](https://www2.paloaltonetworks.com/blog/network-security/5-common-cybersecurity-threats/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Hybrid Cloud Data Center](https://www.paloaltonetworks.com/blog/network-security/category/hybrid-cloud-data-center/?ts=markdown), [Network Perimeter](https://www.paloaltonetworks.com/blog/network-security/category/network-perimeter/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown)

[#### The Need for Zero Trust for Enterprise Public Cloud](https://www2.paloaltonetworks.com/blog/2022/09/zero-trust-for-enterprise-public-cloud/)

### [Network Perimeter](https://www.paloaltonetworks.com/blog/network-security/category/network-perimeter/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown)

[#### Stop Zero-Day Threats with Zero Compromises: New PA-Series Beat Competition in Head-to-Head Test](https://www2.paloaltonetworks.com/blog/network-security/new-pa-series-miercom-report/)

### Subscribe to Network Security Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language