News

Ransomware Victims Are Less Likely to Pay Hackers

According to statistics from Coveware, victims have become less likely to pay hackers: ransom paid to ransomware operators has been declining since the last quarter of 2021.

Thus, in the second quarter of 2022, the average ransom amount was $228,125 (8% more than in the first quarter of 2022). However, the median ransom was only $36,360, down 51% from the previous quarter.

Let me remind you that we also wrote that North Korean Ransomware Maui Attacks Healthcare Companies.

According to Coveware analysts, the downward trend began at the end of last year, when there was a peak in payments to ransomware operators on both the average ($332,168) and median ($117,116) values.


Payment amounts

The researchers explain that RaaS operators and developers are attacking medium-sized companies and organizations, as this is associated with fewer risks. In addition, experts speak of an “encouraging trend” when large companies simply refuse to negotiate with attackers if they demand incredibly large ransoms.

This quarter, the average size of a victim company dropped even further this quarter, Coveware said, as hackers are now looking for smaller but financially healthy organizations to run their operations.


Victim company sizes

Analysts emphasize that in many cases, attackers still continue to extort or publish files stolen from the company even after receiving a ransom. In many cases, data theft was the main method of extortion at all, that is, many incidents were not related to file encryption. This resulted in the average downtime due to ransomware attacks being reduced to 24 days, down 8% from Q1 2022.

The list of the most active ransomware groups in Q2 was led by BlackCat (aka ALPHV), which accounted for 16.9% of all known attacks, followed by LockBit, which accounted for 13.1% of incidents.

Another new trend has been the creation of many small RaaS-operations (ransomware-as-a-service), in which attackers attract “partners” from recently defunct syndicates and perform lower-level opportunistic attacks.
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)
Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Recent Posts

Remove News-bpudepi.today pop-up ads (Virus Removal Guide)

News-bpudepi.today is a domain that tries to trick you into subscribing to its browser notifications…

1 day ago

Remove Doguhtam.xyz pop-up ads (Virus Removal Guide)

Doguhtam.xyz is a site that tries to trick you into subscribing to its browser notifications…

1 day ago

Remove News-xlixoti pop-up ads (Virus Removal Guide)

News-xlixoti.com is a site that tries to force you into subscribing to its browser notifications…

1 day ago

Remove Ducesousightion pop-up ads (Virus Removal Guide)

Ducesousightion.com is a domain that tries to trick you into clik to its browser notifications…

1 day ago

Remove News-xlabica.live pop-up ads (Virus Removal Guide)

News-xlabica.live is a domain that tries to trick you into clik to its browser notifications…

1 day ago

Remove Mergechain.co.in pop-up ads (Virus Removal Guide)

Mergechain.co.in is a site that tries to trick you into subscribing to its browser notifications…

1 day ago