Ransomware groups are profiting less from their attacks as fewer victims give ransom payments to get the decryption keys and keep the stolen data from being exposed, according to two newly revealed reports from the ransomware remediation company, Coveware, and blockchain analysis organization, Chainalysis.
Coveware revealed that in Quarter 1 of 2019, 85% of ransomware victims paid the ransom after a ransomware attack. After that, the percentage making ransom payments has been slowly going down, with merely 37% of ransomware victims paying in the last two quarters of 2022. Coveware stated close to 50% of companies paid ransoms in 2021, as compared with 41% in 2022. Chainalysis mentioned total ransomware earnings fell by 40.3% year-over-year, decreasing from $765.6 million (2021) to $456.8 million (2022). Though ransomware victims tend not to freely disclose attacks or whenever a ransom is paid, the statistics clearly show there is an escalating unwillingness of victims to pay up.
There are various reasons for the drop in revenue. Institutions have better protection, are keeping track of their networks more tightly for clues of compromise, and have made incident response plans for ransomware attacks that allow more rapid recovery, thus lesser number of institutions find themselves without alternatives besides paying the ransom. Insurance firms have played a major role in bettering defenses against ransomware. CEO Bill Siegel and co-founder of Coveware stated after substantial losses in 2019 from ransomware attacks, insurance firms revised their terms and conditions for their cyber insurance coverage, demanding from their consumers to make certain that cybersecurity criteria were followed, such as sticking with guidelines for backups, utilizing multi-factor authentication, and establishing and assessing an incident response plan.
Chainalysis proposes that the legal risk from paying ransoms is higher and that this may additionally be a factor. Paying a ransom to any ransomware group that is sanctioned by the Department of the Treasury’s Office of Foreign Assets Control (OFAC) risks a sizeable financial penalty. In case there is any probable association between an attack and an entity on the OFAC sanctions listing, paying a ransom is very unsafe.
Facing diminishing earnings, ransomware groups have adjusted their methods, with several looking to target bigger corporations in the hope of getting bigger profits. In contrast, others have commenced targeting smaller companies due to the difficulties of getting large institutions to pay up. Based on Coveware, in Quarter 4 of 2022, the average ransom payment of $408,644 is higher by 58%. The median payment of $185,972 is greater by 342%, which Coveware associates with the decrease in income forcing gangs to ask for higher ransom demands.
Although it is becoming more challenging for cybercriminals to earn from ransomware attacks, that doesn’t indicate much fewer attacks are being carried out. The information differs but indicates that the number of attacks has always been pretty steady or decreased only a bit. There furthermore seems to have been a growth in re-extortion, regardless of ransomware groups asking for additional payments from victims after being paid the ransom. Though this technique was more prevalent in attacks on smaller-sized companies, it is a lot more employed by ransomware gangs that target medium- and large-size organizations. Surely, one of the problems with this method is victims will be actually less probable to pay the ransom.
The Federal Bureau of Investigation (FBI) discourages institutions from paying ransoms, nevertheless, payment is not banned. The FBI encourages victims to report cyberattacks even though the ransom is paid for and offers help to victims. This process appears to be working. With greater help given to victims, companies get the support they need to mitigate attacks immediately and the FBI obtains helpful information about how the groups are functioning, enabling the agency to foresee who the groups could target next. Threat intelligence could then be given to those institutions to help them better secure against ransomware attacks.
With ransomware attacks being less lucrative, this can force cybercriminals to forego ransomware; nonetheless, with income shrinking, ransomware gangs may become more aggressive and may pile much more pressure on victims or carry out more damaging attacks. The suggestion from the FBI is to make investments in defenses, carry out an incident response plan, and get in touch with the FBI promptly in case of an attack. Assistant Director Bryan A. Vorndran of the FBI’s Cyber Division, mentioned the FBI could assign a cyber-trained person on the doorway of essentially any firm in the country in an hour of the incident being reported. That agent could then give opportune support making sure that organizations recover immediately.