Researchers Report Decline in Companies Paying Ransom to Cybercriminals

According to new research from Chainalysis Inc., fewer companies that are infected with ransomware are paying the extortion fees demanded by hackers. This is likely due to increased awareness of the risks associated with ransomware, as well as improved security measures that make it more difficult for hackers to access sensitive data.

According to a blockchain forensics firm, ransom payments are estimated to have dropped by 40% in 2022, from $765.6 million in 2021 to $456.8 million. Ransom payments are almost always made in cryptocurrency, so this decrease may indicate a trend away from using crypto for this purpose.

According to a recent report, the sharp decline in ransomware payments is likely due to victim organizations increasingly refusing to pay attackers. This does not necessarily mean that attacks are down overall, but rather that fewer organizations are succumbing to ransom demands. This is a positive development, as it suggests that more organizations are taking a stand against ransomware and refusing to enable these criminals.

Chainalysis has said that the actual totals could be much higher, as there are cryptocurrency addresses controlled by ransomware attackers that its researchers haven’t yet identified.

Ransomware is a type of cyberattack in which hackers encrypt a victim’s data files and demand a payment to unlock them. In some cases, the hackers may also steal data and threaten to publish it online unless the company pays a ransom. This type of attack can be very costly and disruptive for businesses, which is why it’s important to have strong cyber security measures in place to protect against it.

The research from Chainalysis is supported by data from the cyber incident response company Coveware. According to Chainalysis's research, the number of Coveware's clients that have paid a ransom after an attack has steadily decreased since 2019, from 76% to 41% in 2022.

One reason that ransom payments may be going down is that it now comes with increasing legal risk. The US government has been aggressively issuing sanctions against cryptocurrency companies that allegedly facilitate illegal activity, including laundering ransomware payments. This means that companies could face legal consequences for paying ransom payments to hackers.

According to Jackie Burns Koven, head of cyber threat intelligence at Chainalysis, one of the biggest factors companies are taking into account when determining whether they should pay a ransom is how risky it would be legally. She noted that there is a danger that companies could be paying a sanctioned entity, which would have severe legal ramifications.

She also noted that insurance companies are becoming much more strict about how and when their insurance payouts can be used, often eliminating the ability to use them to pay ransomware.

The FBI has advised companies not to pay ransomware payments. This is because doing so may encourage attackers to target other businesses and individuals. Additionally, paying a ransom does not guarantee that you will get your data back.

According to research from Chainalysis, there have been some changes in the ransomware marketplace.

For instance, the number of ransomware strains in operation exploded in 2022, according to Chainalysis. The cybersecurity firm Fortinet’s research showed more than 10,000 unique strains being active in the first half of the year. Its researchers also found that the lifespan of a ransomware strain has steadily declined, to 70 days in 2022 from 265 in 2020.

Many hacking groups operate a ransomware as a service, where a core group of administrators offer their malware strains to affiliates, who conduct the attacks and return a fixed cut of the proceeds. This allows the groups to continue their illegal activities while minimizing their risk.

The researchers concluded that affiliates are carrying out attacks using several different ransomware strains. The administrators, meanwhile, rebrand themselves and switch between strains. This allows them to stay one step ahead of security measures and continue carrying out their attacks.

According to Bill Siegel, CEO and co-founder of Coveware, the number of people involved in ransomware is much smaller than people think - maybe only a couple hundred. He says that the same criminals are just using different methods to avoid detection.

Siegel did not respond to a request for comment.