Ransomware victims are finally refusing to pay up

A

Alfonso Maruccia

Posts: 1,037   +302
Staff
In brief: Ransomware-type malware threats encrypt files and then ask the victims to pay cryptocurrency if they want to get their data back. In 2022, however, the market started to change as fewer and fewer companies chose to be blackmailed.

According to data provided by blockchain analysis firm Chainalysis, ransomware revenues for 2022 have shrunk from $765.6 million to at least $456.8 million, or a -40.3% drop year-over-year. The volume of attacks is as impressive as ever, but the number of victims that refuse to pay the ransom has grown as well.

Working with Coveware, Chainalysis has seen a sharp reduction in the number of ransomware victims willing to pay: they were 76% in 2019 but just 41% in 2022. It's a "highly encouraging" trend, Chainalysis says, likely influenced by different reasons.

Ransomware victims have realized that even if they pay the ransom, there's no guarantee they will get their data back or that the ransomware actor will delete the "stolen" files without selling them to third parties on the dark web. The public perception of the ransomware phenomenon has matured as well, so data leaks don't carry the same risks for brand reputation of the last few years.

Companies and public organizations, which are the main targets of modern ransomware operations, have developed better backup strategies as well, so that data recovery is a much cleaner and easier affair than it was just a couple of years ago.

Insurance companies are also much less likely to allow their clients to use an insurance payout to fulfill a ransom request. Finally, as many ransomware operations are based in Russia, victims who decide to pay could face the harsh legal consequences brought by the economic sanctions against the country after the invasion of Ukraine.

Even though the victims are not paying as much as before, the ransomware business is anything but dead: in 2022, the average lifespan of file encrypting-malware strains has dropped from 153 days to just 70 days year-over-year. The "Conti" ransomware operation came to an end while other ransomware-as-a-service (raas) operations went live, including Royal, Play, and BlackBasta. LockBit, Hive, Cuba, BlackCat, and Ragna were still in business (and still asking for ransom payments) at the end of 2022.

Permalink to story.

https://www.techspot.com/news/97326-ransomware-victims-finally-refusing-pay-up.html

 
Its about time people got smart and refuse to pay ransoms for their data. Having been through this where I work, recovery is not impossible as we had many redundant sources of data, some of my colleagues were able to defeat the "encryption" on their PCs, and my PC did not get hit since I turn it off every night and have the bios set to turn my PC on every morning. My work PC just happened to be off at the crucial time when the ransomware was propagating through our network.
 
wiyosaya said:
Its about time people got smart and refuse to pay ransoms for their data. Having been through this where I work, recovery is not impossible as we had many redundant sources of data, some of my colleagues were able to defeat the "encryption" on their PCs, and my PC did not get hit since I turn it off every night and have the bios set to turn my PC on every morning. My work PC just happened to be off at the crucial time when the ransomware was propagating through our network.
Click to expand...
We got hit at work, and since we had a secondary cold filestore server, even though they hit our live backups we simply restored our 100+ server network from the cold storage and were back up and running in a couple weeks.

sure was a LOT cheaper then the 12+ BTC they were asking for.
 
Theinsanegamer said:
A proper fileserver and backup system is a lot cheaper then crypto ransoms.
Click to expand...

Yeah, but......
A properly configured copy of Windows XP that prevents me from ever getting a ransomware problem in the first place is a lot cheaper than your fileserver and backup system too

Now 9 years online without a single malware problem of any type running XP-SP2 in a full admin account without a single Microsoft security update!

Beat that
 
Hells yea! We conduct cyber tabletop exercises for our clients and any day they refuse to pay the hypothetical attacker is a good day.
 
Bullwinkle M said:
Yeah, but......
A properly configured copy of Windows XP that prevents me from ever getting a ransomware problem in the first place is a lot cheaper than your fileserver and backup system too

Now 9 years online without a single malware problem of any type running XP-SP2 in a full admin account without a single Microsoft security update!

Beat that
Click to expand...
Yes, this is an awesome idea. We should all switch back to Window XP, an operating system Microsoft stopped updating or supporting 9 years ago. I mean, YOU didn't have a malware problem with it, so it must be the most secure operating system out there. Better yet, don't even connect your computer to the internet and you'll be 100% safe.

PS. I've been running Windows 3.1 myself for 20 years now, not a single malware problem!
 
"
Kashim said:
Yes, this is an awesome idea. We should all switch back to Window XP, an operating system Microsoft stopped updating or supporting 9 years ago. I mean, YOU didn't have a malware problem with it, so it must be the most secure operating system out there. Better yet, don't even connect your computer to the internet and you'll be 100% safe.

PS. I've been running Windows 3.1 myself for 20 years now, not a single malware problem!
Click to expand...
"My" ability to not have a problem with it does not mean that "YOU" will not have a problem with it

"MY" copy of XP is however the most secure version of Windows ever made when in "MY" hands, which 9+ years using it to study malware online has clearly shown

It does not mean that everyone should try to duplicate my results, as results will vary per user
 
It's probably not about "not choosing" to be blackmailed, they probably got their backup&restore strategies right...
 
Bullwinkle M said:
Yeah, but......
A properly configured copy of Windows XP that prevents me from ever getting a ransomware problem in the first place is a lot cheaper than your fileserver and backup system too

Now 9 years online without a single malware problem of any type running XP-SP2 in a full admin account without a single Microsoft security update!

Beat that
Click to expand...
I sysadmin ~200 computers running modern OS's, running modern applications that require high performance on modern hardware, with modern secure networking, with each PC having a different user, and we haven't seen any malware infections in over a decade.

Consider your old obsolete standalone box beat.
 
Sir Sparkles said:
I sysadmin ~200 computers running modern OS's, running modern applications that require high performance on modern hardware, with modern secure networking, with each PC having a different user, and we haven't seen any malware infections in over a decade.

Consider your old obsolete standalone box beat.
Click to expand...
Really?

How did you close the permanent backdoors through the Windows 10 and 11 firewalls without Microsoft's source-code and permission?

The new Microsoft firewalls cannot be replaced by an aftermarket software firewall

You can download a pretty front-end for the Microsoft firewall, like Glasswire, but you cannot replace it or close the backdoors

Did you run Linux instead?

My old box will only be beat with a newer version of Windows when you actually beat it!

Keep trying though

Zero Trust Security means "NOT Trusting Microsoft"
 
You must log in or register to reply here.

Similar threads

A
Ransomware operations made more than $1 billion in 2023
Replies
1
Views
160
brucek
brucek
midian182
US-led alliance of 40+ countries pledges not to pay ransomware criminals
Replies
5
Views
308
AlexIL
A
midian182
LockBit ransomware group member sentenced to four years for infecting over 1,000 systems
Replies
5
Views
177
Uncle Al
Uncle Al

Latest posts

Back