Finally some good news from the ransomware front! Despite bad actors launching a number of ransomware campaigns throughout 2022, organizations refused to submit and paid criminals an estimated $456.8 million - 40% less than the astounding total of $765 million in ransom payments from 2020 and 2021.
According to blockchain analytics company Chainalysis, this decline is attributed not to fewer attacks but to victims taking a stand against extortionists.
In a trend that has emerged since 2019, an increasing number of ransomware victims are refusing to pay the extortion demands imposed by threat actors. Data from cyber-intelligence firm Coveware shows a consistently declining rate of victim payments. This is the trend Coveware reported:
A remarkable shift has occurred in how ransomware victims respond to being infected. In 2019, an overwhelming majority of 76% decided to pay the ransom. By 2022, however, that number had drastically dropped to 41%. Evidently, many people are now taking measures beforehand or finding alternative solutions after becoming victims instead of giving in to extortionists' demands and paying up. This very encouraging change can likely be attributed to three causes:
- Victims acknowledge that paying the ransom does not ensure they'll regain access to their files, and so they simply don't pay up.
- In contrast with earlier times, now there is a more mature understanding of ransomware attacks – so much so that data leaks from these assaults no longer significantly harm the reputation of an organization.
- Organizations are increasingly adhering to better backup strategies, enabling them to restore systems in case of any attack on their IT infrastructure.
Average Ransomware Lifespan Decreases Significantly
2022 was one of the most active years in ransomware activity, with thousands of file-encrypting malware strains targeting organizations of all sizes. However, likely due to diminishing profits, among other reasons, the average ransomware lifespan dropped from 153 days in 2021 to just 70 days in 2022.
This same trend of ever shorter Time To Live plays out in malware, malicious URLs and phishing campaigns, which makes them continually harder to catch.
You simply have to work on creating a strong security culture as your last line of defense.