Cybercriminals are making less money from ransomware attacks as victims increasingly refuse to pay their ransom demands.
Analysis by cryptocurrency and blockchain company Chainanalysis shows that ransom payments fell 40% last year, falling from $765.6 million in 2021 to $456.8 million in 2022.
While, Cybersecurity researchers at Coveware also said that the number of victims paying ransom has decreased significantly in recent years, falling from 76% of victims in 2019 to 41% of victims in 2022.
The figures do not and cannot be explained for all ransomware attack but researchers say the pattern is clear — fewer victims make extortion requests, and ransomware gangs are generally harder to monetize attacks.
But that doesn’t mean ransomware attacks pose less of a threat; cybercriminals are still hacking into networks and encrypting data, disruption to businesses, infrastructure, and day-to-day services — and even if the victim does not issue a ransom demand, the blackmail gangs still disclose the stolen information in retaliation.
According to Coveware, there are several reasons for the decrease in the number of ransom payments.
The first is that organizations are getting better in Cybersecurity strategy and incident response planninginvest in safeguards such as Backup software and hardwareso in the event of falling victim to a ransomware attack, there is a means of retrieving data without having to respond to extortion requests.
And if the company has invested in a good cybersecurity strategy, that means they are better equipped to deal with the consequences, even if an attack is successful.
“Companies better able to protect themselves are less likely to be attacked as often,” Coveware said. Businesses with well-practiced incident response processes are less likely to experience physical impact (possibly. resulting in a ransom payment) when an attack is successful”. Researchers.
The researchers suggest that the second reason for the reduction in ransom payments is a change in the approach of law enforcement, which has shifted from focusing solely on preventing activities. cybercriminals and arrests to directly help victims of attacks, as well as provide advice and support on how to make sure the network is as strong as possible against cyberattacks.
A third reason for ransom payments to drop is the self-fulfilling cycle; because the fewer victims paying the ransom, the harder it is for ransomware gangs to make money, meaning that some are forced to shut down because it’s not worth the time or effort if they don’t turn a profit.
“The end result is fewer cybercriminals who can make a living distributing ransomware and, ultimately, fewer attacks,” Coveware said.
While many welcome the reduction of ransom payments, that doesn’t mean ransomware is no longer a threat. Because even if many victims refuse to pay the ransom, organizations are still being hit by ransomware attacks.
For starters, being hacked and locked out of files and servers causes disruption — and when this lock related to critical infrastructure or healthcareit can have devastating and lasting effects on the people who rely on those services.
Add Doa, many ransomware operations now engage in so-called ‘double blackmail’ attacksthat’s where cybercriminals also use the network access they have to plant ransomware to steal sensitive information.
Also: Ransomware: Why it’s Still a Big Threat and Where the Gangs Go Next
According to the analysis of Underground forum of cybersecurity researchers at Group-IBThere has been a 22% increase in dark web data leaks following ransomware attacks over the past year.
The rise in data leaks may be related to an increase in victims’ unwillingness to pay the ransom, with cybercriminals releasing stolen information in retaliation — even though victims choose to pay the ransom. , Anyway, it’s not unknown that cybercriminals take money and publish information.
Ransomware remains a significant cybersecurity threat to organizations, but there are strategies that can be deployed to make it more difficult for ransomware gangs and other cybercriminals to compromise the network. and monetize attacks.
Protect users with multi-factor authentication (MFA) can go a long way to stopping hackers from breaking into a network, even if they know the right password. If used correctly, MFA not only prevents cybercriminals from exploiting stolen credentials, but can also notify users — and security teams — that passwords have been guessed or stolen. .
We also recommend that user accounts be secured with strong, unique passwordthus reducing the risk that cybercriminals can use brute force attacks to crack common or simple password.
Organizations should also ensure security patches and updates are applied in a timely manner to prevent possible cybercriminals. exploit vulnerabilities with known fixes to gain access to an account or network.
MORE ABOUT NETWORK SECURITY
