While ransomware attacks remain highly dangerous, data from a prominent insurer suggests that their frequency and severity is beginning to decline. Credit: Huawei Ransomware attacks began to become both less common and less costly in the first half of 2022, as payments to attackers and the number of attacks that resulted in paid ransoms both shrank, according to new data released today by cyberinsurance company Coalition.After increasing sharply at the outset of the pandemic, the frequency of ransomware claims made by Coalition policyholders shrank sharply during the first six months of the year, dropping from a peak of 0.66% of all policyholders in the second half of last year to 0.41% in early 2022—a figure lower than the initial 0.44% seen in 2020’s second half, when the COVID crisis was at its height.Part of the reason for this decline, according to the Coalition report, is the growing prevalence of offline backup systems at major companies, which means that more ransomware targets can simply restore their data without having to engage with their attackers. Additionally, the company said, outside sources like recovery services provider Coveware and Verizon indicate that the average size of a ransomware payoff has declined precipitously in recent months. Strategy of ransomware groups evolveIt’s important to note, however, that the organized groups behind many of the most prominent ransomware attacks have constantly evolving strategies, Coalition said. “Over the last three years, cyberattacks have evolved into a viable criminal business model with threat actor groups such as Conti, Lockbit, and Hive continuing to make headlines,” the report said.Moreover, one of those evolutions seems to be a shift toward targeting smaller businesses, which are often less able to cope with the consequences of ransomware attacks. The average cost of a cyberincident claim for a small business in the first half of 2022 was $139,000—a hefty sum for a small company. “Cyberincidents have the power to put very small organizations out of business,” Coalition warned.Gartner senior director analyst Jon Amato agreed that, while ransomware is somewhat in decline, it remains a “profit center” for cybercriminals, and is still a critical danger to vulnerable organizations.“Tamper-resistant backups and better detection methods have helped here, as have legislative solutions banning or strictly regulating ransom payment,” he said. “In addition, many organizations (both in the public and private sectors) have simply taken the position that they will not pay under any circumstances.”Amato noted that related attack techniques, which don’t rely on completely locking victims out of their systems, can be more difficult to deter with purely technical solutions.“For example, data exfiltration and the threat of sensitive data disclosure is becoming an increasingly prevalent attack technique, which can in some cases make having good backups and recovery processes irrelevant to the pay/no-pay decision,” he said. Related content news NIST publishes new guides on AI risk for developers and CISOs Companion publications to NIST’s AI Risk Management Framework explore a long worry list in more detail and are likely to become essential reading for security professionals. By John Dunn May 01, 2024 4 mins Regulation Government Security Practices news analysis 5 key takeways from Verizon's 2024 Data Breach Investigations Report The rapid of exploitation of zero-day vulnerabilities, such as MOVEit, and the effectiveness of ransomware attacks are two of the major findings from last year’s breach data. By Rosalyn Page May 01, 2024 5 mins Data Breach Zero-day vulnerability Data and Information Security feature The CSO guide to top security conferences Tracking postponements, cancellations, and conferences gone virtual — CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to you. By CSO Staff May 01, 2024 15 mins Technology Industry IT Skills Events feature 3 Windows vulnerabilities that may not be worth patching Some vulnerabilities eat up a security team’s time and resources yet provide little or nothing in the way of true protection. Some may even introduce more risk to a network. By Susan Bradley May 01, 2024 7 mins Windows Security Patch Management Software Security Practices PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe