Ransomware Income Sees Notable Decline in 2022

Cybersecurity Statistics

Although the actual figures are probably much higher, they do give us a sense of how ransomware payments are evolving. Initially, last year’s estimates suggested a decrease from $765 million to $602 million, but subsequent corrections indicated a slight increase instead.

Payments vs. Attacks

To interpret the noticeable decline in ransom payments, it's important to understand the different factors contributing to this trend:
    • Fewer Victims Willing to Pay: Research from our team and Chainalysis highlights a growing trend of victim organizations refusing to pay ransom demands.
    • Negotiation of Ransom Amounts: It has become common for ransom sums to be negotiated down. The emergence of specialized ransomware negotiators, like Kurtis Minder, featured on our Lock & Code podcast, underlines this shift. Minder discusses how his company has developed formal training for ransomware negotiation.
    • Reasons for Not Paying: Companies resist paying ransoms for several reasons, including not wanting to help the ransomware ecosystem thrive, the lack of any assurance of data recovery, the effectiveness of restoring systems from backups, and legal prohibitions due to sanctions.

Number of Attacks

While ransomware attacks continue to make headlines, their actual frequency might be underreported since only non-paying victims typically end up on ransomware groups' leak sites. According to IT service provider AAG, the first half of 2022 saw 236.1 million ransomware attacks worldwide, slightly down from the 623.3 million attacks reported through 2021.

High-Profile Negotiation Case

In October 2022, we reviewed the ransom negotiation between Continental and the LockBit ransomware group. Despite negotiations starting on September 23 and continuing for a month, the talks faltered. The last communication from Continental, on October 24, suggested a pending management meeting. Ultimately, the negotiations did not resume favorably for LockBit, leading them to post the stolen data for sale or destruction on their dark web site.

Industry Impact and Future Outlook

The decline in ransom payments, as evidenced by Chainalysis and various experts, points to a more resilient stance against ransomware by corporations. This trend, alongside the evolving role of ransomware negotiators, offers hope for better handling of cyber threats in the future.

Detailed Insights

For those interested in a deeper dive, the report by Chainalysis provides extensive details on the dynamics of ransomware attacks and the efficacy of current response strategies.