Skip to main content

Ransomware victims are refusing to pay — but is it working?

A new report has highlighted how ransomware payments to hackers have begun to slow down, with victims continuously opting to not cave in to demands.

Coveware, a company that provides ransomware decryption services, revealed some interesting analytics relating to the state of ransomware during the second quarter of 2022.

A depiction of a hacked computer sitting in an office full of PCs.
Getty Images

As reported by Bleeping Computer, the average payment pertaining to ransomware demands has indeed increased. However, the median value of these payments have decreased in a big way.

Recommended Videos

During 2022’s second quarter, the mean average ransom payment totalled $228,125, representing an 8% increase compared to the first quarter of this year.

The median ransom payment value, however, came to $36,360 — that’s a staggering 51% drop when compared to the first quarter of 2022.

The aforementioned fall in value follows consistent drops since the first quarter of 2021. That specific period saw average ransomware payments reach new highs ($332,168), while the median value reached a peak of $117,116. That said, this state of affairs was undoubtedly aided by the pandemic and the rise of individuals using their systems at home.

“This trend reflects the shift of RaaS affiliates and developers toward the mid-market where the risk-to-reward profile of attack is more consistent and less risky than high profile attacks,” Coveware said in its findings.

Coveware also mentioned how large corporations are not entertaining any ransom demands solely due to the amount. “We have also seen an encouraging trend among large organizations refusing to consider negotiations when ransomware groups demand impossibly high ransom amounts.”

A system hacked warning alert being displayed on a computer screen.
Getty Images

A shift in strategy

Hackers have increasingly shifted their efforts and focus toward smaller organizations that are delivering positive financial results, which is reflected by the fact that the median size of companies affected by ransomware fell during 2022’s second quarter.

Elsewhere, the most popular choices for ransomware list within the report show a few familiar names from the hacking scene. BlackCat controls 16.9% of the ransomware attacks, while LockBit 2.0 accounts for another sizable chunk (13.1%).

As for all the recent shutdowns of ransomware gangs, the individuals from these groups have turned to lower-tier attacks, which has subsequently aided various smaller ransomware-as-a-service (RaaS) operations popping up.

The report also revealed how the double extortion method — a way to threaten targets that their stolen files will be leaked before the encryption process — is still a favored scare tactic among threat actors, with 86% of the reported cases associated with this specific strategy.

For a considerable number of these cases, hackers will continue with their extortion schemes or leak the files they’ve obtained even if they’ve received the ransom payment.

If you’ve been a victim of ransomware, then be sure to seek the services of this anti-hacker group that provides free decryptors.

Zak Islam
Former Computing Writer
Zak Islam was a freelance writer at Digital Trends covering the latest news in the technology world, particularly the…
5 VPNs you should use instead of ExpressVPN or NordVPN
The ExpressVPN app on Android.

If you're in the market for a VPN, you've probably considered ExpressVPN and NordVPN. They're the darling of YouTube ads the world over, and you'll commonly find the names side-by-side on top of the list of the best VPNs (including our own). They are indeed some of the best VPN services you can buy, but they aren't necessarily the right choice for everyone.

Both are among the most expensive VPN services around, and in the case of NordVPN, a 2019 data center breach has left some lingering questions about the security of the service. Regardless of if you're concerned about your security or just want to save a bit of money, here are five VPNs you should keep in mind.
Surfshark

Read more
Google is cracking down on internet security in this big way
Connection is not private warning from Google.

Google is making some serious changes to digital certificate security on the web, the company announced on its Security blog. The big news is that Google will no longer trust certificates from two large security firms -- Entrust or AffirmTrust -- due to repeated security lapses.

According to Google, the companies, which are Certificate Authorities (CA), have demonstrated patterns of unmet improvement commitments, compliance failures, and no measurable progress in how fast the company responds to publicly disclosed incident reports.

Read more
Your PC’s security is being attacked on two new fronts
Person using Windows 11 laptop on their lap by the window.

Your PC is facing a double whammy of cyber threats, both of them built into basic Windows features -- one that exploits Windows search and another a Wi-Fi vulnerability.

The first vulnerability allows hackers to exploit search in what researchers have called a "clever" way, as reported by Trustwave. It begins when users are tricked into downloading malware, starting with phishing emails with malicious .ZIP attachments containing HTML files disguised as invoices or something along those lines.

Read more