Although the number of cyber attacks appears to be rising, fewer and fewer companies are paying the ransom that is usually demanded. That is the conclusion of a new study by Chainalysis.
Significant drop in ransom paid
The ransom is usually demanded in cryptocurrency. In exchange, the attackers promise to release the encrypted systems and not to publish any (sensitive) company data they have taken. In the past this ransom was usually paid. But where almost $760 million was still paid in 2021, in 2022 the figure was ‘only’ about $457 million, a drop of roughly 40%. The report says the following about this:
This doesn’t mean there are fewer cyberattacks, or at least not as many as the drastic drop in payments suggests. Instead, we believe that much of the decline is due to victim organizations increasingly refusing to pay ransomware attackers.
The true totals are probably higher, however: the figures only cover cryptocurrency addresses that have been attributed to ransomware, and there are most likely addresses that have not yet been identified.
What is Ransomware anyway?
Ransomware is a type of malicious software that encrypts a victim’s files. The attackers then demand a ransom in exchange for the key needed to restore access, and many groups also copy data out of the network first so they can threaten to publish it if the victim does not pay.
Ransomware attacks can be financially devastating to individuals and organizations, because they lose access to important files and systems until the data is either restored from backups or decrypted.
Some ransomware variants also spread to other computers on the same network, further increasing the damage. It is therefore important to keep regular backups and to run security software. Note that attackers deliberately look for and encrypt or delete backups they can reach, so at least one copy should be kept offline or immutable, and restores should be tested regularly: a backup that has never been restored is not yet a backup.
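The two points above, recognising an encrypting rewrite and verifying that backups actually restore, can be demonstrated in a few dozen lines. The script below is an added example and is not part of the original article or of the Chainalysis report. It builds a hash manifest of a constructed sample directory (the role a backup catalogue plays), simulates what an encryptor does to two of the files by overwriting them with random bytes (no real cipher or malware is involved), flags files that have changed and now look encrypted (Shannon entropy close to 8 bits per byte, including the common rename-with-new-extension pattern), and then restores the flagged files from the backup copy and re-checks them against the manifest. The threshold of 7.5 bits per byte and the `.locked` suffix are assumptions chosen for the demo.

```python
import hashlib
import math
import os
import shutil
import tempfile
from collections import Counter
from pathlib import Path

# Assumption for the demo: compressed or encrypted data sits close to 8.0 bits/byte,
# while ordinary documents sit well below this value.
ENTROPY_THRESHOLD = 7.5


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input, at most 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def snapshot(root: Path) -> dict:
    """Map each file under `root` (relative path) to its SHA-256, like a backup manifest."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def find_suspects(root: Path, manifest: dict) -> dict:
    """Compare the live tree with the manifest and flag ransomware-like changes:
    a file rewritten with high-entropy content, or a file that is gone and has been
    replaced by a high-entropy sibling with an extra extension (notes.txt -> notes.txt.locked)."""
    suspects = {}
    for rel, digest in manifest.items():
        p = root / rel
        if p.exists():
            data = p.read_bytes()
            if hashlib.sha256(data).hexdigest() != digest and shannon_entropy(data) >= ENTROPY_THRESHOLD:
                suspects[rel] = "rewritten with high-entropy content"
            continue
        for sibling in p.parent.glob(p.name + ".*"):
            if sibling.is_file() and shannon_entropy(sibling.read_bytes()) >= ENTROPY_THRESHOLD:
                suspects[rel] = f"renamed to {sibling.name} with high-entropy content"
                break
        else:
            suspects[rel] = "missing"
    return suspects


def restore(backup: Path, root: Path, manifest: dict, names) -> list:
    """Copy `names` back from `backup` into `root`; return those that verify against the manifest."""
    restored = []
    for rel in names:
        shutil.copyfile(backup / rel, root / rel)
        if hashlib.sha256((root / rel).read_bytes()).hexdigest() == manifest[rel]:
            restored.append(rel)
    return restored


def run_demo() -> dict:
    """End to end: back up, simulate an encrypting rewrite, detect it, restore, re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp) / "live", Path(tmp) / "backup"
        live.mkdir()
        # Constructed sample data, not real files.
        (live / "report.txt").write_text("Quarterly figures: revenue up, costs flat.\n" * 50)
        (live / "notes.txt").write_text("Meeting notes, nothing sensitive here.\n" * 50)
        (live / "readme.txt").write_text("Unchanged file.\n" * 50)
        shutil.copytree(live, backup)
        manifest = snapshot(live)

        # Simulate the effect of an encryptor: one file overwritten in place with random
        # bytes, one replaced by a renamed random-byte copy. No real cipher is involved.
        (live / "report.txt").write_bytes(os.urandom(4096))
        (live / "notes.txt").unlink()
        (live / "notes.txt.locked").write_bytes(os.urandom(4096))

        suspects = find_suspects(live, manifest)
        restored = restore(backup, live, manifest, suspects)
        after_restore = find_suspects(live, manifest)
        return {"suspects": suspects, "restored": sorted(restored), "after_restore": after_restore}


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

The entropy test on its own is a heuristic, not proof: legitimately compressed or already encrypted files (archives, media, password databases) also score near 8 bits per byte, so in practice the signal is combined with the manifest mismatch, the rename pattern and the rate of change, as done here. The final `find_suspects` pass after the restore is the check most organisations skip: it is what tells you the backup copy really matches what was lost.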
One reason for the decline in ransom payments may be that the legal risk is rising. The US government has aggressively issued sanctions against crypto companies that may facilitate illegal activities, including the laundering of ransomware payments.
Simply put, companies or individuals can face legal consequences for paying a ransom to the attackers, which makes them less likely to do so in practice. Jacky Burns Koven, head of cyber threat intelligence at Chainalysis, said:
One of the biggest factors companies consider when deciding whether to pay a ransom is how risky it would be legally, especially given the danger that they could pay a sanctioned entity, which would have serious legal ramifications.
Insurers have also become much stricter about covering ransomware payouts, and the FBI advises against paying. Together this has reduced the number of payments reaching ransomware groups, even as the number of active ransomware attacks exploded in 2022.
It is worth noting that the number of people behind ransomware attacks is remarkably small, perhaps only a few hundred. It is largely the same core of criminals who keep rebranding and reworking their ransomware. Whether there will be more ransomware attacks in 2023 than in 2022 is not yet known, but it is a real possibility.