A new report from Chainalysis provides some seemingly great news about ransomware payments, with a 40% reduction in 2022. However, these results do not necessarily indicate that cyber crime is on the wane.
Among other things, the report finds that more victims are refusing to pay not by choice but because sanctions or a lack of cyber insurance leave them little alternative. And though the drop from $765 million to $457 million is a very impressive one, the total is still well above the $174 million in payments made in the last year before the Covid-19 pandemic (2019).
Drop in ransomware payments a mix of sanctions, insurance market conditions, increasing reliance on backups
Sanctions are definitely having an effect on ransomware payments. Gangs in Russia that declared support for the government in its invasion of Ukraine were swiftly hit with sanctions that add substantial legal risk and cost to any payment, and that have organizations thinking twice about paying at all.
However, organizations also appear to be responding to skyrocketing costs by simply relying more on regular backups and the most basic lines of defense. Ransom payment and remediation costs continue to trend upward, and cyber insurance is now much more difficult to obtain, more expensive, and more limited in what it covers. When applicants seek new or renewed coverage, insurers now frequently require them to demonstrate that an adequate backup system is in place and that staff receive at least a modest amount of security and awareness training. Some organizations may be concluding that those controls are enough on their own, without the added hassle and cost of the insurance on top of them.
Chainalysis also finds that the business world at large was typically slow to respond to warnings about ransomware that have been sounded for years now, but is finally catching up in terms of actually getting adequate security and best practices into place. Though attacks continue to be common, businesses may be experiencing higher rates of success in cutting them off before critical files are encrypted and ransom demands are made.
There is at least one reason to be skeptical of these numbers, however: underreporting of attacks is also likely on the increase as cyber insurance coverage becomes harder to obtain and sanctions against the biggest ransomware entities become more common, since a victim that pays a sanctioned group anyway has little incentive to disclose it.
Ransomware payments down from record pandemic amounts, but remain well above “normal”
Prior to the Covid-19 pandemic throwing gasoline on the fire, ransomware attacks and payment amounts had been slowly trending upward for several years through 2019. 2020 and 2021 saw massive increases and record amounts, and ransomware payments continue to be well above what was seen in the more “normal” conditions prior to March 2020.
There are some other markers to be concerned about. One is a massive growth in the number of distinct ransomware strains, as the more sophisticated groups appear to be pivoting to “disposable” variants that are used for shorter periods and then retired, in order to stay a step ahead of automated, signature-based defenses. Strains averaged over a year in circulation prior to the pandemic; that average is now down to just over two months.