2022 has been an important year in the fight against ransomware. According to statistics from Chainalysis, cybercriminals around the world were able to get a total of about $457 million in 2022. When, as in 2020 and 2021, these figures aspired to 800 million. On the face, a drop of almost 40%.
It is clear that it is impossible to record absolutely all cybercrimes taking place in the world, but even according to information in the public domain, there is a clear trend - the income of hackers has sharply decreased in 2022. What is it connected with?
Global Ransomware Payout Statistics ($ million)
The decrease in ransomware earnings for hackers does not mean that the number of attacks has decreased. Experts from Chainalysis believe that most victim organizations simply refuse to pay extortionists. And this is happening more and more.
Despite falling revenues, the number of active unique strains of ransomware has skyrocketed in 2022. More than 10,000 unique strains were active in the first half of 2022, according to Fortinet research. Moreover, the average period of use of one strain continues to decrease. This is likely due to the fact that cybersecurity companies are quick to add malware to their registries.
Average life cycle of a single strain of ransomware (days)
Michael Phillips, director of claims at Resilience, pointed out that companies should not relax just because ransomware revenues have fallen. "Cyber insurance industry claims data shows that ransomware remains a growing cyber threat to businesses and enterprises."
Bill Siegel of Coveware shared statistics on the likelihood of a ransomware victim paying a ransom based on his firm's client cases over the past four years.
Since 2019, the level of payments to victims has fallen from 76% to 41%. But what exactly explains this shift? One important factor is that the payment of a ransom has become more legally risky, especially since OFAC issued a recommendation in September 2021 about the possibility of violating sanctions when paying a ransom.
“With the looming threat of sanctions, there is an additional threat of legal implications for payment,” said Allan Liska, a spokesman for Future Intelligence.
Another important factor is changes in the payout policy of insurance companies, which used to always reimburse ransoms to victims.
“Insurers have really tightened up the rules lately that govern who they insure and what insurance premiums can be used for. Therefore, they are much less likely to allow their clients to receive an insurance payment for ransomware,” Liska said.
Phillips voiced this opinion: “Today, companies must adhere to strict cybersecurity and backup measures in order to be safe from ransomware. These requirements have been proven to be effective in helping companies recover from attacks rather than paying ransoms.”
However, Liska emphasized that backups are not a panacea. He noted that the data recovery process could take months and leave ransomware victims vulnerable to subsequent attacks. To avoid becoming a victim of ransomware, the aforementioned expert recommends that organizations conduct periodic exercises during which they gather the heads of absolutely all departments of the company and together think about how the organization can ensure its security. Identify all vulnerabilities in advance and take preventive measures.
“A realistic understanding of the security posture of your organization, its strengths and weaknesses, will better prepare everyone in case the organization is attacked by ransomware, as well as inform management about where to invest to improve network security,” summed up Liska.
Thus, the decrease in the income of cybercriminals is due to many factors. But one of the most important is that more and more organizations are hardening the security of their networks. Their work is simply harder than before to be disrupted by ransomware. Regular backups of data, more difficult authentication to internal systems, security recommendations for employees, joint trainings and brainstorming sessions can all effectively enhance a company's cybersecurity.
It is to be hoped that this trend will continue in the future. More and more companies will think about their security still "on the shore" and thoroughly strengthen it. This will help to withstand any attacks and threats.