Fewer companies are paying ransoms to hackers, according to new research from blockchain forensics firm Chainalysis Inc. The research indicates that ransom payments, which are almost always paid in cryptocurrency, fell to $456.8 million in 2022, a 40% drop from $765.6 million in 2021.
According to the report, “that doesn’t mean attacks are down, or at least not as much as the drastic dropoff in payments would suggest. Instead, we believe that much of the decline is due to victim organizations increasingly refusing to pay ransomware attackers.” The research is supported by data from cyber incident response company Coveware, which disclosed that the number of clients who have paid a ransom after an attack has steadily decreased since 2019, from 76% to 41% in 2022.
One reason for the decline in ransom payments may be the increasing legal risk of paying. The US government has been aggressively sanctioning cryptocurrency services that allegedly facilitate illegal activity, including the laundering of ransomware proceeds, and the US Treasury's Office of Foreign Assets Control has warned that a payment that reaches a sanctioned person or service can itself be a sanctions violation. That exposes a paying victim, and any negotiator or insurer that helps it pay, to legal consequences on top of the attack itself.
Another reason is that insurers are being stricter about how and when their payouts can be used, often excluding ransom payments altogether. The FBI also advises against paying ransoms.
Chainalysis’s research also highlighted shifts in the ransomware marketplace. The number of ransomware strains in operation exploded in 2022, and cybersecurity firm Fortinet’s research shows that more than 10,000 unique strains were active in the first half of the year. The lifespan of a ransomware strain has also steadily declined, to 70 days in 2022 from 265 in 2020.
Many of the groups operate what is known as ransomware as a service: a core group of administrators offers its malware to "affiliates," who carry out the intrusions and pay a fixed cut of the proceeds back to the operators. The researchers concluded that many affiliates work with several strains at once, while administrators rebrand and switch between strains. The headline strain count therefore overstates the number of distinct actors: a new name often belongs to an existing crew, not a new one.
In short, the research shows that fewer companies are paying ransoms, most likely because of rising legal risk and stricter insurance policies, while the ransomware market itself has shifted toward a larger number of short-lived strains operated by a smaller, more fluid set of actors.