Local: (805)-371-3680 | Toll Free: (800) 240-CHIV
Ransomware attackers extorted 40% less money from victims in 2022 than the prior year, marking a positive trend in the fight against cybercrime.
According to new research from Chainalysis, an American blockchain analysis firm, the total value extorted fell from $766 million in 2021 to $457 million in 2022.
The totals tracked by Chainalysis likely fall short of the actual sum, “still, the trend is clear: Ransomware payments are significantly down.”
However, that does not mean attacks are down.
A significant factor is the outlook of cyber insurance firms, which often reimburse victims for ransomware payments. “Cyber insurance has really taken the lead in tightening not only who they will insure, but also what insurance payments can be used for, so they are much less likely to allow their clients to use an insurance payout to pay a ransom,” said Allan Liska, a Recorded Future ransomware expert.
Many Organizations Experience Multiple Attacks
Paying a ransom demand won’t necessarily prevent cybercriminals from coming back for a second attack, according to data from a recent Hiscox Cyber Readiness Report.
Hiscox found that only 59% of companies that paid a ransom successfully recovered their data. While companies receive a decryption key, it can take weeks to decrypt systems fully, and the malicious attack may negatively affect the data integrity.
Additionally, 36% of firms who paid a ransom experienced another attack, and nearly a third (29%) still saw data leaked, Hiscox reported.
The median ransom paid was under $10,000, according to the insurer.
“While the cyber criminals have long targeted high-value companies, it is clear they are now moving down the food chain,” said Gareth Wharton, cyber CEO for Hiscox. “…more mid- and small-sized businesses are being targeted and this is borne out in this year’s report. Companies with revenues of $100,000 to $500,000 can now expect as many cyberattacks as those earning $1m to $9m annually.”
