Ransomware victims are finally refusing to pay up

Alfonso Maruccia

Posts: 184   +91
Staff
In brief: Ransomware-type malware threats encrypt files and then ask the victims to pay cryptocurrency if they want to get their data back. In 2022, however, the market started to change as fewer and fewer companies chose to be blackmailed.

According to data provided by blockchain analysis firm Chainalysis, ransomware revenues for 2022 have shrunk from $765.6 million to at least $456.8 million, or a -40.3% drop year-over-year. The volume of attacks is as impressive as ever, but the number of victims that refuse to pay the ransom has grown as well.

Working with Coveware, Chainalysis has seen a sharp reduction in the number of ransomware victims willing to pay: they were 76% in 2019 but just 41% in 2022. It's a "highly encouraging" trend, Chainalysis says, likely influenced by different reasons.

Ransomware victims have realized that even if they pay the ransom, there's no guarantee they will get their data back or that the ransomware actor will delete the "stolen" files without selling them to third parties on the dark web. The public perception of the ransomware phenomenon has matured as well, so data leaks don't carry the same risks for brand reputation of the last few years.

Companies and public organizations, which are the main targets of modern ransomware operations, have developed better backup strategies as well, so that data recovery is a much cleaner and easier affair than it was just a couple of years ago.

Insurance companies are also much less likely to allow their clients to use an insurance payout to fulfill a ransom request. Finally, as many ransomware operations are based in Russia, victims who decide to pay could face the harsh legal consequences brought by the economic sanctions against the country after the invasion of Ukraine.

Even though the victims are not paying as much as before, the ransomware business is anything but dead: in 2022, the average lifespan of file encrypting-malware strains has dropped from 153 days to just 70 days year-over-year. The "Conti" ransomware operation came to an end while other ransomware-as-a-service (raas) operations went live, including Royal, Play, and BlackBasta. LockBit, Hive, Cuba, BlackCat, and Ragna were still in business (and still asking for ransom payments) at the end of 2022.

Permalink to story.

 

wiyosaya

Posts: 8,408   +7,842
Its about time people got smart and refuse to pay ransoms for their data. Having been through this where I work, recovery is not impossible as we had many redundant sources of data, some of my colleagues were able to defeat the "encryption" on their PCs, and my PC did not get hit since I turn it off every night and have the bios set to turn my PC on every morning. My work PC just happened to be off at the crucial time when the ransomware was propagating through our network.
 

Theinsanegamer

Posts: 3,950   +6,951
Its about time people got smart and refuse to pay ransoms for their data. Having been through this where I work, recovery is not impossible as we had many redundant sources of data, some of my colleagues were able to defeat the "encryption" on their PCs, and my PC did not get hit since I turn it off every night and have the bios set to turn my PC on every morning. My work PC just happened to be off at the crucial time when the ransomware was propagating through our network.
We got hit at work, and since we had a secondary cold filestore server, even though they hit our live backups we simply restored our 100+ server network from the cold storage and were back up and running in a couple weeks.

sure was a LOT cheaper then the 12+ BTC they were asking for.
 

Bullwinkle M

Posts: 847   +767
A proper fileserver and backup system is a lot cheaper then crypto ransoms.

Yeah, but......
A properly configured copy of Windows XP that prevents me from ever getting a ransomware problem in the first place is a lot cheaper than your fileserver and backup system too

Now 9 years online without a single malware problem of any type running XP-SP2 in a full admin account without a single Microsoft security update!

Beat that
 

y6Tq2RGXEejb

Posts: 58   +69
Hells yea! We conduct cyber tabletop exercises for our clients and any day they refuse to pay the hypothetical attacker is a good day.
 

Kashim

Posts: 204   +260
Yeah, but......
A properly configured copy of Windows XP that prevents me from ever getting a ransomware problem in the first place is a lot cheaper than your fileserver and backup system too

Now 9 years online without a single malware problem of any type running XP-SP2 in a full admin account without a single Microsoft security update!

Beat that
Yes, this is an awesome idea. We should all switch back to Window XP, an operating system Microsoft stopped updating or supporting 9 years ago. I mean, YOU didn't have a malware problem with it, so it must be the most secure operating system out there. Better yet, don't even connect your computer to the internet and you'll be 100% safe.

PS. I've been running Windows 3.1 myself for 20 years now, not a single malware problem!
 

Bullwinkle M

Posts: 847   +767
"
Yes, this is an awesome idea. We should all switch back to Window XP, an operating system Microsoft stopped updating or supporting 9 years ago. I mean, YOU didn't have a malware problem with it, so it must be the most secure operating system out there. Better yet, don't even connect your computer to the internet and you'll be 100% safe.

PS. I've been running Windows 3.1 myself for 20 years now, not a single malware problem!
"My" ability to not have a problem with it does not mean that "YOU" will not have a problem with it

"MY" copy of XP is however the most secure version of Windows ever made when in "MY" hands, which 9+ years using it to study malware online has clearly shown

It does not mean that everyone should try to duplicate my results, as results will vary per user
 

bviktor

Posts: 1,152   +1,684
It's probably not about "not choosing" to be blackmailed, they probably got their backup&restore strategies right...
 

Sir Sparkles

Posts: 144   +70
Yeah, but......
A properly configured copy of Windows XP that prevents me from ever getting a ransomware problem in the first place is a lot cheaper than your fileserver and backup system too

Now 9 years online without a single malware problem of any type running XP-SP2 in a full admin account without a single Microsoft security update!

Beat that
I sysadmin ~200 computers running modern OS's, running modern applications that require high performance on modern hardware, with modern secure networking, with each PC having a different user, and we haven't seen any malware infections in over a decade.

Consider your old obsolete standalone box beat.
 

Bullwinkle M

Posts: 847   +767
I sysadmin ~200 computers running modern OS's, running modern applications that require high performance on modern hardware, with modern secure networking, with each PC having a different user, and we haven't seen any malware infections in over a decade.

Consider your old obsolete standalone box beat.
Really?

How did you close the permanent backdoors through the Windows 10 and 11 firewalls without Microsoft's source-code and permission?

The new Microsoft firewalls cannot be replaced by an aftermarket software firewall

You can download a pretty front-end for the Microsoft firewall, like Glasswire, but you cannot replace it or close the backdoors

Did you run Linux instead?

My old box will only be beat with a newer version of Windows when you actually beat it!

Keep trying though

Zero Trust Security means "NOT Trusting Microsoft"