Ransomware Victims Are Less Likely to Pay Hackers

According to statistics from Coveware, victims have become less likely to pay hackers: ransom paid to ransomware operators has been declining since the last quarter of 2021.

Thus, in the second quarter of 2022, the average ransom amount was $228,125 (8% more than in the first quarter of 2022). However, the median ransom was only $36,360, down 51% from the previous quarter.

Let me remind you that we also wrote that North Korean Ransomware Maui Attacks Healthcare Companies.

According to Coveware analysts, the downward trend began at the end of last year, when there was a peak in payments to ransomware operators on both the average ($332,168) and median ($117,116) values.

Victims are less likely to pay
Payment amounts

The researchers explain that RaaS operators and developers are attacking medium-sized companies and organizations, as this is associated with fewer risks. In addition, experts speak of an “encouraging trend” when large companies simply refuse to negotiate with attackers if they demand incredibly large ransoms.

This quarter, the average size of a victim company dropped even further this quarter, Coveware said, as hackers are now looking for smaller but financially healthy organizations to run their operations.

Victims are less likely to pay
Victim company sizes

Analysts emphasize that in many cases, attackers still continue to extort or publish files stolen from the company even after receiving a ransom. In many cases, data theft was the main method of extortion at all, that is, many incidents were not related to file encryption. This resulted in the average downtime due to ransomware attacks being reduced to 24 days, down 8% from Q1 2022.

The list of the most active ransomware groups in Q2 was led by BlackCat (aka ALPHV), which accounted for 16.9% of all known attacks, followed by LockBit, which accounted for 13.1% of incidents.

Victims are less likely to pay

Another new trend has been the creation of many small RaaS-operations (ransomware-as-a-service), in which attackers attract “partners” from recently defunct syndicates and perform lower-level opportunistic attacks.
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button