Ransomware may not be disappearing any time soon, but the revenue these attacks have earned have taken a sharp drop in the last year. Chainalysis claims this is largely due to more targeted organizations refusing to pay the perpetrators.
Chainalysis Finds Sizable Decline in Ransomware Revenues
Chainalysis published a report Thursday revealing that ransomware actors managed to rake in at least $456.8 million in 2022. This estimated amount is significantly lower than the $765.6 million reported in 2021, according to the analytics firm. That said, the actual number is likely higher, as researcher are still uncovering attacker-controlled crypto addresses.
“The trend is clear: ransomware payments have decreased significantly,” the authors of the study noted, emphasizing that this doesn’t necessarily mean there are fewer extortion attempts. Rather, they believe that a large part of the decline can be attributed to the refusal of more affected organizations to pay out a ransom.
The Chainalysis report also sheds light on the significant increase of ransomware variants, with active strains continuing to grow. The researchers note that most ransomware revenue is still going to a select group of strains, indicating that “the actual number of people that make up the ransomware ecosystem is likely quite small.”
Victims Are Paying Less and Less, Study Reports
Chainalysis compiled data showing a “big drop” in ransomware revenue, totaling 40.3%. The company’s evidence suggests that the decrease in extortion attempts is more likely due to victims’ increasing unwillingness to pay the ransom than to an increase in the number of ransom requests.
Michael Phillips, director at cyber insurance firm Resilience, confirms that ransomware continues to be a major threat. However, a number of factors are disrupting these attempts, such as increased pressure from Western law enforcement to crack down on the perpetrators of such crimes, resulting in arrests and funds seizure.
Allan Liska, an expert in ransomware and intelligence at Recorded Future, gathered data from breach notification sites and revealed that ransomware attacks declined more than 10% between 2021 and 2022, from 2,865 – 2,566. Liska also noted that ransom payments have become more legal risky.
With the threat of sanctions looming, attackers are also facing the possibility of legal consequences.
Cyberinsurers, who are the ones that reimburse ransomware victims, have also played a role. “Cyberinsurers have really taken the lead in restricting not only who they will insure, but also what insurance payments can be used for, so they are much less likely to allow their customers to use an insurance payment to pay a ransom,” Liska commented.
Cyberinsurers are demanding improved cybersecurity measures to drive the trend towards less ransom payments. Bill Siegel, CEO and co-founder of ransomware incident response firm Coveware, reported that the victim payout rate decreased from 76% to 41% between 2019 and 2022.
What do you think of these findings? Share your thoughts in the comment section below.
