Fewer Victims Pay Ransomware, Yet More Victims
Blockchain data platform Chainanalysis has reported that cybercriminals have seen a 40 per cent fall in their earnings as more people have refused to pay the ransom following ransomware attacks.
More Strains With Shorter Lifespans
However, the number of unique ransomware strains being used in attacks increased dramatically in 2022 (Fortinet). Also, Chainanalysis reports that ransomware lifespans are dropping. For example, in 2022, the average ransomware strain remained active for just 70 days, down from 153 in 2021 and 265 in 2020.
How Does Chainanalysis Know Criminals Get Paid?
Being a blockchain data platform (blockchain is the technology behind cryptocurrencies) Chainanalysis can track money flowing in and out of Bitcoin wallets. Ransomware crews use bitcoin wallets to collect ransoms and retain their anonymity. Also, evidence from cyber insurance firms who are usually the ones reimbursing victims for ransomware payments, show that these payments are down.
Why Are People Refusing To Pay Ransomware?
There are several reasons why more victims are refusing to pay the ransomware ransom, including:
– Increased awareness. More people are becoming aware of the risks, so this has led to improved cyber-security at organisations, while increased awareness of the potential consequences of paying the ransom has led to many choosing not to do so.
– Improved and more secure backups. With the increased use of more secure cloud-based backups and other disaster recovery solutions, more people are able to recover their data without paying the ransom. It’s worth noting that insurance companies are driving security by tightening underwriting standards, and by not renewing a policy unless the insured has comprehensive backup systems, uses EDR, and has multi-authentication.
– Greater segmentation of data backups, resulting in less material business impact as a result of an attack, thereby reducing the economic justification to pay.
– US sanctions against hacker groups, e.g. those Russia’s Federal Security Service, have made paying some groups legally risky.
– Increased openness due to how common ransomware attacks have become. For example, a ransomware attack is now less of a PR disaster for companies, meaning that companies are less likely to keep quiet and pay the money to stay out of the news.
Why Are Ransomware Lifespans Dropping?
There are several reasons why ransomware lifespans are dropping (including those mentioned above), such as:
– The increased use of anti-ransomware software. As more organisations and individuals use anti-ransomware software to protect their systems, the lifespan of ransomware attacks may be shorter, as the malware is detected and neutralised more quickly.
– Improved incident response. As organisations and individuals become more familiar with the signs of a ransomware attack and have better incident response plans in place, they are able to quickly detect and respond to the attack, which can shorten the lifespan of the ransomware.
– The development of decryption tools, some security researchers have been able to develop decryption tools that can help victims recover their data without paying the ransom. This can significantly shorten the lifespan of a ransomware attack.
– More effective law enforcement action. Law enforcement agencies have been successful in shutting down some larger ransomware operations and gangs. This can also shorten the lifespan of a ransomware attack.
– Cyber insurance and the involvement of specialised teams. More companies are now using cyber insurance and have specialised teams to deal with ransomware attacks, this also can shorten the lifespan of a ransomware attack.
What Does This Mean For Your Business?
Criminal earnings from ransomware are down for the reasons mentioned above, and although larger ransomware gangs have been disrupted, there are now many smaller groups operating. It’s also worth noting that new strains of ransomware are being developed all the time, so the threat continues to be present (and is growing as previously stated). With this in mind, businesses should continue to focus on not falling victim to ransomware attacks in the first place. Measures businesses can take include having recurring meetings with all relevant teams/persons (security, networking, IT, server administration, PR, finance) and the company leadership to develop a clear picture of the strengths and weaknesses/vulnerabilities and establish how the business can remain secure and understand who’s responsible for all aspects of security. Also, seeking professional advice about cyber security and implementing best practices, e.g. with data backups and other security measures, can help keep the business safe from new as well as existing ransomware strains.