Ransomware Doesn’t Pay Like It Used To

Good news in the battle against ransomware attacks (but bad news for hackers). While some bad actors might be tempted to jump into the dark world of ransomware for the profits, as it turns out, there seems to be a fundamental problem: Victims aren’t paying.

According to Ars Technica, there have been two studies as of late showing a dramatic decline in the number of victims paying ransoms during cyberattacks. Blockchain analysis firm Chainalysis released a blog post detailing how payments decreased from $766 million in 2021 to $457 million in 2022. While their findings aren’t necessarily comprehensive, the $309 million difference is still staggering.

One issue for ransomware participants is that, contrary to appearances, the pool of “talent” is actually quite small, making them much easier to track than many may think.

Coveware, a cybersecurity analysis firm, mirrors the findings of Chainalysis. Coveware has seen a steep drop in victims paying out, going from 85% in Q1 of 2019 to just 37% in Q4 2022.

These decreases likely are due to a few factors. One, cybersecurity awareness is better now than it was, and organizations and individuals are better prepared against potential attack. If you anticipate bad actors on the horizon, you’re less likely to fall for their traps. Also a plus, though, is the response to attacks. Organizations and law enforcement alike are more educated and better prepared to address an attack when it happens today.