Skip to main content

Ransomware victims are refusing to pay — but is it working?

A new report has highlighted how ransomware payments to hackers have begun to slow down, with victims continuously opting to not cave in to demands.

Coveware, a company that provides ransomware decryption services, revealed some interesting analytics relating to the state of ransomware during the second quarter of 2022.

A depiction of a hacked computer sitting in an office full of PCs.
Getty Images

As reported by Bleeping Computer, the average payment pertaining to ransomware demands has indeed increased. However, the median value of these payments have decreased in a big way.

During 2022’s second quarter, the mean average ransom payment totalled $228,125, representing an 8% increase compared to the first quarter of this year.

The median ransom payment value, however, came to $36,360 — that’s a staggering 51% drop when compared to the first quarter of 2022.

The aforementioned fall in value follows consistent drops since the first quarter of 2021. That specific period saw average ransomware payments reach new highs ($332,168), while the median value reached a peak of $117,116. That said, this state of affairs was undoubtedly aided by the pandemic and the rise of individuals using their systems at home.

“This trend reflects the shift of RaaS affiliates and developers toward the mid-market where the risk-to-reward profile of attack is more consistent and less risky than high profile attacks,” Coveware said in its findings.

Coveware also mentioned how large corporations are not entertaining any ransom demands solely due to the amount. “We have also seen an encouraging trend among large organizations refusing to consider negotiations when ransomware groups demand impossibly high ransom amounts.”

A system hacked warning alert being displayed on a computer screen.
Getty Images

A shift in strategy

Hackers have increasingly shifted their efforts and focus toward smaller organizations that are delivering positive financial results, which is reflected by the fact that the median size of companies affected by ransomware fell during 2022’s second quarter.

Elsewhere, the most popular choices for ransomware list within the report show a few familiar names from the hacking scene. BlackCat controls 16.9% of the ransomware attacks, while LockBit 2.0 accounts for another sizable chunk (13.1%).

As for all the recent shutdowns of ransomware gangs, the individuals from these groups have turned to lower-tier attacks, which has subsequently aided various smaller ransomware-as-a-service (RaaS) operations popping up.

The report also revealed how the double extortion method — a way to threaten targets that their stolen files will be leaked before the encryption process — is still a favored scare tactic among threat actors, with 86% of the reported cases associated with this specific strategy.

For a considerable number of these cases, hackers will continue with their extortion schemes or leak the files they’ve obtained even if they’ve received the ransom payment.

If you’ve been a victim of ransomware, then be sure to seek the services of this anti-hacker group that provides free decryptors.

Editors' Recommendations

Zak Islam
Computing Writer
Zak Islam was a freelance writer at Digital Trends covering the latest news in the technology world, particularly the…
Chrome is making a key change to protect you from phishing
Google Chrome with pinned tabs on a MacBook on a table.

Phishing campaigns -- where a fraudulent website or email is made to look like it comes from a legitimate source -- have caused a huge amount of destruction, leading to untold numbers of virus infections and money lost through scams. Google has just rolled out a powerful way to fight phishing in its Chrome browser, however, and it could help you avoid falling victim.

As part of Chrome’s 15th-anniversary update, Google will be pushing its Enhanced Safe Browsing feature to all users in the coming weeks. This checks website URLs against a list of malicious sites stored on Google’s cloud servers, all in real time. If a match is found, the website is blocked and a warning is displayed to users.

Read more
Lapsus$ hackers convicted of breaching GTA 6, Nvidia, and more
A hacker typing on an Apple MacBook laptop, which shows code on its screen.

The Lapsus$ hacking gang caused havoc in 2021 and 2022 with a series of high-profile security breaches and ransom demands. Yet things have been very quiet since then, and two alleged members of the group have just been convicted in the U.K., potentially bringing an end to one of the most notable hacking sprees in recent times.

According to Bloomberg and the BBC, two people accused of being members of the gang were convicted in the U.K. of a number of crimes, including serious computer misuse, blackmail, and fraud. The defendants included Arion Kurtaj, 18, and a 17-year-old male who could not be named due to his age. Both defendants are autistic and psychiatrists deemed that Kurtaj was not fit to stand trial, so he did not give evidence. They will both be sentenced at a later date.

Read more
In the age of ChatGPT, Macs are under malware assault
A person using a laptop with a set of code seen on the display.

It's common knowledge -- Macs are less prone to malware than their Windows counterparts. That still holds true today, but the rise of ChatGPT and other AI tools is challenging the status quo, with even the FBI warning of its far-reaching implications for cybersecurity.

That may be why software developer Macpaw launched its own cybersecurity division -- dubbed Moonlock -- specifically to fight Mac malware. We spoke to Oleg Stukalenko, Lead Product Manager at Moonlock, to find out whether Mac malware is on the rise, and if ChatGPT could give hackers a massive advantage over everyday users.
State-sponsored attacks

Read more