The New Numbers
In Q2 of 2023, only 34% of ransomware attacks resulted in the victim paying up, a record low. But don't let that fool you. The average ransom payment has skyrocketed to $740,144, a 126% increase from Q1 2023. How did we get here? Let's explore.
Understanding the Cyber Extortion Opportunity Cost Curve
Imagine a curve that charts the financial impact on the victim against the expected profit for the threat actor. This curve helps us understand different extortion strategies, from low-effort, low-impact attacks to high-cost, high-impact ones.
The Changing Face of Ransomware
Threat actors are adapting. Some groups like Dharma and Phobos have become dormant, while others are shifting tactics, tools, and targets. The CloP group, for example, made a staggering sum of money from the MOVEit campaign, despite a very small percentage of victims paying.
The Impact on Industries
As threat actors react to shifts in their economic opportunity costs, we're likely to see changes in industry concentrations. It's a game of cat and mouse, and the landscape is ever-changing.
Ransomware Attack Vectors
As the unit economics of cyber extortion shift, attack vectors and TTPs shift with them. Threat actors are increasingly "living off the land", but as CloP demonstrated, the fields are far more fertile for some groups than for others. Here are the updated attack vector numbers:
The Upshot
The world of ransomware is complex and ever-evolving. While monetization rates are falling, the stakes are rising, with higher ransom payments and more sophisticated attacks. It's a reminder that investing in security, continuity assets, and security awareness training is more crucial than ever. The full blog post at Coveware is recommended reading.
Let's stay safe out there. Train those users, because the #1 ransomware attack vector is... phishing.