Hijacking a computer system and holding its access hostage just doesn’t pay like it used to.
At least that’s the takeaway from a report released Thursday from Chainalysis, which found that the revenue ransomware criminals extorted from victims dropped by a whopping 40.3% last year despite evidence that the number of attack attempts surged.
The amount that ransomware attackers extorted from victims in 2022 was at least $456 million, a marked decline from the $765 million such criminals raked in for 2021.
“After two years of growth in ransomware revenue, we were surprised and encouraged to see that ransomware victims are paying less frequently — a trend we hope will carry into 2023,” Chainalysis Director of Research Kim Grauer told FOX Business.
The analysts at the blockchain data platform say the dramatic drop in payouts is due to more victims simply refusing to pay ransomware attackers, and the analysts pointed to a few reasons why.
Grauer says the platform’s team also discovered increased data extortion events, where data is exfiltrated from a victim’s system but is not encrypted. The strategy, she explained, is likely an attempt by threat actors to evade the “ransomware” label, a label that could delay or hinder a victim’s ability or willingness to pay.
Possibly the most significant factor, Chainalysis reported, is that paying ransoms has become much more of a legal risk for companies and organizations, particularly after a September advisory from the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) warning that doing so could result in sanctions.
Another reason fewer extortion payouts are made could be pressure from cyberinsurance firms, which are increasingly requiring their insureds to bolster their backup systems and security measures. Bill Siegel, CEO of ransomware incident response firm Coveware, explained to Chainalysis, “While having an effective backup solution doesn’t stop ransomware attacks and doesn’t help with data theft, it does give victims more options so they aren’t forced to pay.”
Brandon Pugh, policy director for R Street’s Cybersecurity and Emerging Threats team, told FOX Business another reason ransomware victims are hesitant to pay is that once they do, word could get out in the criminal community and increase the risk of a future attack.
But the obvious risk in paying is that there is no guarantee that the hijackers will actually follow through in releasing a victim’s data or systems after receiving their funds.
Pugh says malicious cyberactors “are not necessarily the most upstanding citizens people are dealing with.”
Despite the decline in ransomware payment volume, Chainalysis warns that people must remain on guard because attack attempts do not appear to be slowing down anytime soon.
“What is clear from our data and research is the underground economy that fuels the attack kill chain for ransomware and extortion continues to thrive,” Grauer says. “With this in mind, we expect to see the continued sale of access to victim networks and credentials leading to persistent attacks in 2023.”
Sources:
https://www.foxbusiness.com/technology/ransomware-revenue-plunged-40-last-year-more-victims-refuse-pay-study