Ransomware attacks became both less common and less costly in the first half of 2022, as payments to attackers and the number of attacks that resulted in paid ransoms both shrank, according to new data released today by cyber insurance company Coalition.
After increasing sharply at the outset of the pandemic, the frequency of ransomware claims made by Coalition policyholders shrank sharply during the first six months of the year, dropping from a peak of 0.66 per cent of all policyholders in the second half of last year to 0.41 per cent in early 2022 — a figure lower than the initial 0.44 per cent seen in 2020’s second half, when the COVID crisis was at its height.
Part of the reason for this decline, according to the Coalition report, is the growing prevalence of offline back-up systems at major companies, which means that more ransomware targets can simply restore their data without having to engage with their attackers.
Additionally, the company said, outside sources like recovery services provider Coveware and Verizon indicate that the average size of a ransomware payoff has declined precipitously in recent months.
Strategies of ransomware groups evolve
It’s important to note, however, that the organised groups behind many of the most prominent ransomware attacks have constantly evolving strategies, Coalition said.
“Over the last three years, cyber attacks have evolved into a viable criminal business model with threat actor groups such as Conti, Lockbit, and Hive continuing to make headlines,” the report said.
Moreover, one of those evolutions seems to be a shift toward targeting smaller businesses, which are often less able to cope with the consequences of ransomware attacks. The average cost of a cyber incident claim for a small business in the first half of 2022 was $139,000 — a hefty sum for a small company.
“Cyber incidents have the power to put very small organisations out of business,” Coalition warned.
Gartner senior director analyst Jon Amato agreed that, while ransomware is somewhat in decline, it remains a “profit center” for cyber criminals, and is still a critical danger to vulnerable organisations.
“Tamper-resistant back-ups and better detection methods have helped here, as have legislative solutions banning or strictly regulating ransom payment,” he said. “In addition, many organisations (both in the public and private sectors) have simply taken the position that they will not pay under any circumstances.”
Amato noted that related attack techniques, which don’t rely on completely locking victims out of their systems, can be more difficult to deter with purely technical solutions.
“For example, data exfiltration and the threat of sensitive data disclosure is becoming an increasingly prevalent attack technique, which can in some cases make having good backups and recovery processes irrelevant to the pay/no-pay decision,” he said.