Ransomware Payments Plummet As Fewer Victims Cough Up Crypto To Hackers
Ransomware can be both disruptive and costly for its victims. A recent report found that the total downtime resulting from ransomware attacks in 2021 cost schools a whopping $3.56 billion. The sudden encryption of data on computer systems critical to an organization’s regular operations presents a major problem when decryption tools are not publicly available. Ransomware gangs leverage the disruptions and costs inflicted by ransomware to extort money from their victims by offering to decrypt effected data in exchange for a ransom. Ransomware presents a social dilemma for current and future victims: so long as ransomware victims continue to pay the ransoms, ransomware will continue to persist. Fortunately, there looks to be some good news on this front. A report by Coveware shows that ransomware payments are on the decline.
Meeting these groups’ demands is not always a quick and easy way to recover encrypted data and return to normal operations. Abraham Lincoln College was hit by a ransomware attack in December 2021 that spelled doom for the school. Even though the college paid the attacker’s ransom, it took months to fully restore the school’s computer systems. This lengthy disruption to the institution’s operations tanked enrollment for the following year, forcing the college to shut down.
Meeting these groups’ demands is not always a quick and easy way to recover encrypted data and return to normal operations. Abraham Lincoln College was hit by a ransomware attack in December 2021 that spelled doom for the school. Even though the college paid the attacker’s ransom, it took months to fully restore the school’s computer systems. This lengthy disruption to the institution’s operations tanked enrollment for the following year, forcing the college to shut down.
However, the outlook on ransomware is not all doom and gloom. According to Coveware's report, while the average ransom payment in Q2 2022 of $228,125 is up 8% from the previous quarter, this average is skewed by some high paying outliers. The median, which corrects for these outliers, stands at $36,360 for Q2 2022, making for a 51% decrease from Q1.
Looking at the chart above, this decrease in median ransom payments may be the beginning of a trend. The median ransomware payment in Q1 2022 was already down from Q4 2021, so this further decrease in Q2 2022 is great news. We hope that organizations are learning that the best strategy for dealing with ransomware attacks is not to pay the ransoms. This strategy could, when widely employed, drive down the price of ransoms demanded by attackers.
Coveware’s report highlights Florida and North Carolina’s newly imposed bans on municipal organizations paying ransoms. This sort of preventative measure could be instrumental in reducing the profitability and prevalence of ransomware attacks. Coveware also points out that ransomware gangs often do not follow through on their promises not to publicly release data exfiltrated from their victims’ computer systems, so organizations should stop paying ransoms in the hopes that the attackers will delete stolen information.
Looking at the chart above, this decrease in median ransom payments may be the beginning of a trend. The median ransomware payment in Q1 2022 was already down from Q4 2021, so this further decrease in Q2 2022 is great news. We hope that organizations are learning that the best strategy for dealing with ransomware attacks is not to pay the ransoms. This strategy could, when widely employed, drive down the price of ransoms demanded by attackers.
Coveware’s report highlights Florida and North Carolina’s newly imposed bans on municipal organizations paying ransoms. This sort of preventative measure could be instrumental in reducing the profitability and prevalence of ransomware attacks. Coveware also points out that ransomware gangs often do not follow through on their promises not to publicly release data exfiltrated from their victims’ computer systems, so organizations should stop paying ransoms in the hopes that the attackers will delete stolen information.
