[Eye Popper] Ransomware Victims Refused To Pay Last Year

Ransomware-payments-graphic-courtesy-chainalysis-1 Finally some good news from the ransomware front! Despite bad actors launching a number of ransomware campaigns throughout 2022, organizations refused to submit and paid criminals an estimated $456.8 million - 40% less than the astounding total of $765 million in ransom payments from 2020 and 2021.

According to blockchain analytics company Chainalysis, this decline is not attributed to fewer attacks but rather victims taking a stand against extortionists.

In a trend that has emerged since 2019, an increasing number of ransomware victims are refusing to pay the extortion demands imposed by threat actors. According to cyber-intelligence firm Coveware, this is shown in their data which demonstrates a consistently declining rate of victim payments. This is the trend Coveware reported:

Ransomware-payments-graphic-courtesy-chainalysis-3

You see this remarkable shift has occurred in how ransomware victims have responded to being infected. In 2019, an overwhelming majority of 76% decided to pay the ransom. However, by 2022 that number drastically dropped down to 41%. Evidently many people are now taking measures beforehand or finding alternate solutions after becoming victim instead of giving into extortioners' demands and paying up. This very encouraging change can likely be attributed to three causes:

Victims acknowledge that paying the ransom does not ensure they'll regain access to their files, and so they simply don't pay up.
In contrast with earlier times, now there is a more mature understanding of ransomware attacks – so much so that data leaks from these assaults no longer significantly harm the reputation of an organization.
Organizations are increasingly adhering to better backup strategies enabling them to restore systems in case of any attack on their IT infrastructure.

Average Ransomware Lifespan Decreases Significantly

2022 was one of the most active years in ransomware activity, with thousands of file-encrypting malware strains targeting organizations of all sizes. However, likely due to diminishing profits, among other reasons, the average ransomware lifespan dropped from 153 days in 2021 to just 70 days in 2022.

Ransomware-payments-graphic-courtesy-chainalysis-2

This same trend of ever shorter Time To Live plays out in malware and in malicious URLs and phishing campaigns makes them continually harder to catch.

You simply got to work on creating a strong security culture [VIDEO] as your last line of defense.

A Master Class on IT Security: Roger Grimes Teaches Ransomware Mitigation

Cyber-criminals have become thoughtful about ransomware attacks; taking time to maximize your organization’s potential damage and their payoff. Protecting your network from this growing threat is more important than ever

Join Roger Grimes, Data-Driven Defense Evangelist at KnowBe4, for this thought-provoking webinar to learn what you can do to prevent, detect, and mitigate ransomware. You'll learn:

How to detect ransomware programs, even those that are highly stealthy

Official recommendations from the Cybersecurity & Infrastructure Security Agency (CISA)

The policies, technical controls, and education you need to stop ransomware in its tracks

Why good backups (even offline backups) no longer save you from ransomware