Ransomware groups are earning less from their attacks as fewer victims pay for decryption keys or to keep stolen data from being published, according to two recently published reports from the ransomware remediation company Coveware and the blockchain analysis firm Chainalysis.
Coveware reports that in Q1 2019, 85% of ransomware victims paid a ransom after an attack. Since then the share of victims paying has declined steadily, with only 37% paying in the final two quarters of 2022. Coveware puts the payment rate at about 50% of companies in 2021 compared with 41% in 2022. Chainalysis found that total ransomware revenue fell 40.3% year-over-year, from $765.6 million in 2021 to $456.8 million in 2022. Victims rarely disclose attacks or confirm whether a ransom was paid, so these figures are estimates, but they strongly indicate a growing unwillingness to pay.
There are several reasons for the drop in income. Companies have improved their defenses, monitor their systems more closely for indicators of compromise, and have developed incident response plans for ransomware attacks that enable faster recovery, so fewer organizations find themselves with no option but to pay. Insurance firms have played a major part in raising the bar. Coveware CEO and co-founder Bill Siegel noted that after heavy losses from cyberattacks in 2019, insurers tightened the terms and conditions of their cyber insurance policies, requiring policyholders to maintain baseline security controls, including following backup guidelines, using multi-factor authentication, and creating and testing an incident response plan.
Chainalysis suggests that the greater legal risk of paying ransoms is also a factor. Paying a ransom to any ransomware group sanctioned by the Department of the Treasury's Office of Foreign Assets Control (OFAC) risks a substantial financial penalty. Where there is any plausible link between an attack and an entity on the OFAC sanctions list, paying a ransom is therefore extremely risky.
Faced with falling earnings, ransomware gangs have adjusted their tactics. Some have chosen to target larger companies in the hope of securing bigger payouts, while others have shifted to smaller companies because large organizations have become harder to extort. According to Coveware, in Q4 2022 the average ransom payment rose 58% to $408,644, and the median payment rose 342% to $185,972, increases Coveware attributes to gangs raising their demands to compensate for shrinking profits.
Although it is becoming harder for cybercriminals to profit from ransomware, that does not mean fewer attacks are being carried out. The available data vary but suggest the number of attacks has remained roughly constant or declined only slightly. There also appears to have been a rise in re-extortion, where ransomware groups demand further payments from victims who have already paid. This tactic was previously more common in attacks on smaller companies, but it is increasingly being used by groups that target medium-sized and large organizations. The obvious problem with this tactic is that victims who expect to be extorted again are even less likely to pay in the first place.
The Federal Bureau of Investigation (FBI) discourages organizations from paying ransoms, but payment is not prohibited. The FBI asks victims to report attacks even when the ransom has been paid and provides support to victims. This approach appears to be working. With more assistance available, companies get the help they need to contain attacks quickly, and the FBI gains useful insight into how the groups operate, allowing the agency to anticipate who the gangs might target next. That threat intelligence can then be shared with those organizations to help them defend against ransomware attacks.
As ransomware attacks become less profitable, some cybercriminals may abandon ransomware altogether; however, with income shrinking, ransomware gangs may also become far more aggressive, piling more pressure on victims or carrying out more destructive attacks. The FBI recommends investing in defenses, implementing an incident response plan, and contacting the FBI immediately in the event of an attack. Assistant Director Bryan A. Vorndran of the FBI's Cyber Division said the FBI could have a cyber-trained agent at the front door of practically any company in the country within an hour of an incident being reported, and that agent can then provide immediate help to ensure the company recovers quickly.