A Chainalysis report noted a 40% drop in payments made to ransomware extortion groups in 2022. Experts attribute this steep drop to victims refusing to pay criminal groups, even under threat.
According to Chainalysis, the running total extorted from victims throughout 2022 was about $456.8 million. That’s roughly 40% less than the unsurpassed $765 million recorded in the previous two years.
Coveware ran a similar study and found that 41% of its clients paid ransoms in 2022, compared to the 70% that paid ransoms in 2020.
The bad news is that the lower overall payments do not mean that there were fewer attacks. On the contrary, the Chainalysis report data illustrates that ransomware attacks increased in frequency over the year, with over 10,000 new active strains used in just the first few months of 2022.
Coveware’s graphs show that the average amount paid to ransomware groups is increasing, even though fewer companies are paying the ransom demands. This can be explained by simple economics. As the profitability of a given ransomware attack declines, ransomware groups attempt to compensate for their losses by adjusting their tactics. Threat actors are moving slightly higher up in the market, targeting larger firms to justify larger initial demands, in the hope that these companies will give in to their threats more readily, even as the overall share of targets that pay declines.
Another interesting economic trend, as explained by Coveware, is the cyclical effect of a decrease in overall profits for ransomware groups. As the profits of ransom attacks decrease, the market becomes less enticing and less crowded. With fewer resources, the operating costs of carrying out an attack increase. The cycle repeats itself, and the end result is fewer criminals who succeed in distributing ransomware, and ultimately fewer attacks.
A considerable psychological shift occurred among ransomware targets over the past year. For the first time, most ransomware victims in 2022 chose not to pay. This change in conduct reveals a changing attitude toward how ransomware attacks are perceived and handled.
The psychological shift can be attributed to several factors: