Skip to main content
  1. Home
  2. Computing
  3. News

Ransomware victims are refusing to pay — but is it working?

Add as a preferred source on Google

A new report has highlighted how ransomware payments to hackers have begun to slow down, with victims continuously opting to not cave in to demands.

Coveware, a company that provides ransomware decryption services, revealed some interesting analytics relating to the state of ransomware during the second quarter of 2022.

A depiction of a hacked computer sitting in an office full of PCs.
Getty Images

As reported by Bleeping Computer, the average payment pertaining to ransomware demands has indeed increased. However, the median value of these payments have decreased in a big way.

Recommended Videos

During 2022’s second quarter, the mean average ransom payment totalled $228,125, representing an 8% increase compared to the first quarter of this year.

The median ransom payment value, however, came to $36,360 — that’s a staggering 51% drop when compared to the first quarter of 2022.

The aforementioned fall in value follows consistent drops since the first quarter of 2021. That specific period saw average ransomware payments reach new highs ($332,168), while the median value reached a peak of $117,116. That said, this state of affairs was undoubtedly aided by the pandemic and the rise of individuals using their systems at home.

“This trend reflects the shift of RaaS affiliates and developers toward the mid-market where the risk-to-reward profile of attack is more consistent and less risky than high profile attacks,” Coveware said in its findings.

Coveware also mentioned how large corporations are not entertaining any ransom demands solely due to the amount. “We have also seen an encouraging trend among large organizations refusing to consider negotiations when ransomware groups demand impossibly high ransom amounts.”

A system hacked warning alert being displayed on a computer screen.
Getty Images

A shift in strategy

Hackers have increasingly shifted their efforts and focus toward smaller organizations that are delivering positive financial results, which is reflected by the fact that the median size of companies affected by ransomware fell during 2022’s second quarter.

Elsewhere, the most popular choices for ransomware list within the report show a few familiar names from the hacking scene. BlackCat controls 16.9% of the ransomware attacks, while LockBit 2.0 accounts for another sizable chunk (13.1%).

As for all the recent shutdowns of ransomware gangs, the individuals from these groups have turned to lower-tier attacks, which has subsequently aided various smaller ransomware-as-a-service (RaaS) operations popping up.

The report also revealed how the double extortion method — a way to threaten targets that their stolen files will be leaked before the encryption process — is still a favored scare tactic among threat actors, with 86% of the reported cases associated with this specific strategy.

For a considerable number of these cases, hackers will continue with their extortion schemes or leak the files they’ve obtained even if they’ve received the ransom payment.

If you’ve been a victim of ransomware, then be sure to seek the services of this anti-hacker group that provides free decryptors.

Zak Islam
Former Contributor
Zak covers the latest news in the technology world, particularly the computing field. A fan of anything pertaining to tech…
macOS clipboard app Maccy has a fake out there stealing passwords
PamStealer malware is disguising itself as Maccy to target Mac users
Depicting of the Maccy clipboard app for macOS on a laptop with letters inb the background.

A fake version of Maccy, a popular clipboard manager for macOS, is being used to deliver a newly discovered Mac malware strain called PamStealer. Researchers at Jamf say the malware impersonates the real open-source app, but its actual purpose is to steal data and capture a victim’s login password.

PamStealer arrives as a disk image containing an AppleScript file that impersonates Maccy. Once the user opens that file, macOS launches it in Script Editor, where the on-screen instructions tell them to press Command-R. To someone expecting a normal app installer, that may look like an odd setup step. In reality, that action runs hidden malware code and starts the attack.

Read more
A new technology teaching drones to feel pain could stop your self-driving car from harming itself
Drones first, autonomous cars next. A pain-sensing system that detects failure before it happens has real stakes for self-driving vehicles.
Transportation, Vehicle, Car

When you sprain your ankle in the middle of a run, your body sends a pain signal to your brain, forcing you to stop. Essentially, the ability to sense pain stops you from pushing through the injury and causing further self-harm.

Researchers at Delft University of Technology and Wageningen University have applied this exact concept to drones, giving them a digital equivalent of a nervous system that recognizes a faulty part and triggers a pain-like warning signal. What's even more interesting is that the technology could find use in self-driving cars.

Read more
Claude Fable 5 is leaving subscriptions, but maybe not for good
High demand is pushing Claude Fable 5 out of subscriptions for now
Claude Fable 5 and Claude Mythos 5 Official Render

Anthropic’s most advanced publicly available Claude model is still leaving standard subscription access after July 7, but the company is now trying to calm fears that the move is permanent.

Fable 5 recently returned to Claude after drawing scrutiny from the U.S. government. Anthropic said it would be included on Pro, Max, Team, and select Enterprise plans for up to 50% of weekly usage limits through July 7. After that date, the model is set to move to usage-credit billing, meaning users will pay for access outside their regular plan limits.

Read more