Skip to main content

Ransomware victims are refusing to pay — but is it working?

A new report has highlighted how ransomware payments to hackers have begun to slow down, with victims continuously opting to not cave in to demands.

Coveware, a company that provides ransomware decryption services, revealed some interesting analytics relating to the state of ransomware during the second quarter of 2022.

A depiction of a hacked computer sitting in an office full of PCs.
Getty Images

As reported by Bleeping Computer, the average payment pertaining to ransomware demands has indeed increased. However, the median value of these payments have decreased in a big way.

During 2022’s second quarter, the mean average ransom payment totalled $228,125, representing an 8% increase compared to the first quarter of this year.

The median ransom payment value, however, came to $36,360 — that’s a staggering 51% drop when compared to the first quarter of 2022.

The aforementioned fall in value follows consistent drops since the first quarter of 2021. That specific period saw average ransomware payments reach new highs ($332,168), while the median value reached a peak of $117,116. That said, this state of affairs was undoubtedly aided by the pandemic and the rise of individuals using their systems at home.

“This trend reflects the shift of RaaS affiliates and developers toward the mid-market where the risk-to-reward profile of attack is more consistent and less risky than high profile attacks,” Coveware said in its findings.

Coveware also mentioned how large corporations are not entertaining any ransom demands solely due to the amount. “We have also seen an encouraging trend among large organizations refusing to consider negotiations when ransomware groups demand impossibly high ransom amounts.”

A system hacked warning alert being displayed on a computer screen.
Getty Images

A shift in strategy

Hackers have increasingly shifted their efforts and focus toward smaller organizations that are delivering positive financial results, which is reflected by the fact that the median size of companies affected by ransomware fell during 2022’s second quarter.

Elsewhere, the most popular choices for ransomware list within the report show a few familiar names from the hacking scene. BlackCat controls 16.9% of the ransomware attacks, while LockBit 2.0 accounts for another sizable chunk (13.1%).

As for all the recent shutdowns of ransomware gangs, the individuals from these groups have turned to lower-tier attacks, which has subsequently aided various smaller ransomware-as-a-service (RaaS) operations popping up.

The report also revealed how the double extortion method — a way to threaten targets that their stolen files will be leaked before the encryption process — is still a favored scare tactic among threat actors, with 86% of the reported cases associated with this specific strategy.

For a considerable number of these cases, hackers will continue with their extortion schemes or leak the files they’ve obtained even if they’ve received the ransom payment.

If you’ve been a victim of ransomware, then be sure to seek the services of this anti-hacker group that provides free decryptors.

Editors' Recommendations

Zak Islam
Computing Writer
Zak Islam was a freelance writer at Digital Trends covering the latest news in the technology world, particularly the…
This clever browser extension could banish viruses for good
A person using a laptop on a desk with a web browser showing the HubSpot marketplace on their screen.

With all the viruses, phishing scams and other malware lurking on the internet, using a web browser can be risky business these days. But one firm thinks it could make your web surfing much safer without adding any hassle.

A company named SquareX has just raised $6 million to develop an extension that would create virtual sandboxes within your web browser. Any time you’re tempted to open a file or click a link that comes from an unknown sender or could potentially pose a threat, SquareX’s extension would step in and let you open it in a kind of disposable browser.

Read more
FBI disables Russian malware operation targeting foreign governments
An Illustration shows a programmer busy with a laptop and several monitors.

The FBI says it has disrupted a long-running malware operation that allowed Russian spies to steal sensitive information from numerous countries, including NASA-member governments, prominent journalists, and other targets deemed to be of interest to the Russian government.

The court-authorized operation, codenamed MEDUSA, disrupted a global peer-to-peer network of computers compromised by sophisticated malware called “Snake,” described by the U.S. Department of Justice (DOJ) as the "premier cyberespionage malware" of Russia's Federal Security Service (FSB). Officials said the malware was knocked offline at the start of this week.

Read more
No, 1Password wasn’t hacked – here’s what really happened
A person using the 1Password password manager on a laptop while sat on a couch.

Password managers have been struggling with security breaches in recent months, with LastPass suffering a particularly bad hack as a notable example. So when 1Password users got an alert last week saying their Secret Keys and passwords had been changed without their knowledge, they were understandably panicked. Luckily, all was not what it seemed.

That’s because AgileBits, the company behind 1Password, has just explained exactly what went wrong during that event. And while it wasn’t as bad as everyone first thought, it still doesn’t paint AgileBits in a particularly good light.

Read more