Ransomware payments have seen a significant decline in 2022 compared to the previous years, with victim organizations showing increasing reluctance to pay their extortionists. According to the latest findings by Chainalysis, ransomware attackers managed to extort $456.8 million from victims in 2022, a sharp drop from $765.6 million in 2021 and $765 million in 2020.
While the actual figures may be higher due to unidentified cryptocurrency addresses controlled by ransomware attackers, there is a clear trend of decreasing ransomware payments. Jackie Koven, head of cyber threat intelligence at Chainalysis, expressed surprise and optimism about this trend, stating that they hope to see it continue in 2023.
One of the primary reasons for this decline in ransomware payments is the growing pressure from governments and the associated risks of paying ransom demands. With many ransomware gangs linked to state-sponsored entities, such as the case with Conti publicly supporting the Russian invasion and subsequently facing leaks tying it to Russia’s Federal Security Service (FSB), victims and incident response firms are increasingly wary of making payments.
Government advisories, particularly from the US, have also highlighted the legal risks associated with paying ransomware demands, especially when dealing with cyber actors operating under economic sanctions. Additionally, the role of cyber insurance has played a significant role in victims’ reluctance to pay, as insurers are becoming stricter about coverage for ransom payments and demanding improved cybersecurity measures from their clients.
Despite the drop in ransomware revenue, there has been an increase in the number of unique ransomware strains in operation in 2022, with threat actors constantly rebranding their tactics to evade detection. Cybercriminals are also shifting towards exfiltration-based extortion strategies, where data is stolen from victims’ systems instead of being encrypted, in an attempt to compel organizations to pay up.
The report also highlighted the thriving ransomware-as-a-service (RaaS) model, where developers provide malware to affiliates for carrying out attacks in exchange for a share of the profits. This underground economy supporting ransomware attacks is expected to continue thriving in 2023, with the sale of access to victim networks and credentials fueling persistent attacks.
Overall, the landscape of ransomware attacks is evolving, with victims becoming more cautious about making payments, governments increasing pressure on ransomware actors, and cybercriminals adapting their tactics to stay ahead of law enforcement efforts. As organizations continue to bolster their cybersecurity measures and insurers tighten their policies, the hope is that ransomware payments will continue to decrease in the coming years.