Ransomware Attacks, Payments Declined In 2022: Report

CRN reports:

Prominent incident response firm Mandiant disclosed Tuesday that it responded to 15 percent fewer ransomware incidents last year. The statistic was first reported by the Wall Street Journal. Mandiant, which is owned by Google Cloud, confirmed the stat in an email to CRN.

The WSJ report also included several other indicators that 2022 was a less successful year for ransomware. Cybersecurity giant CrowdStrike told the outlet that the average ransom demand dropped 28 percent last year, to $4.1 million, from $5.7 million the year before. The firm reportedly pinned the decline on factors including the arrests of ransomware gang members and other disruptions to the groups last year, as well as the drop in the value of cryptocurrencies such as Bitcoin. CrowdStrike confirmed the stat to CRN.

Their article also cites a blog post from Chainalysis, the blockchain data platform, which estimated that 2022's total ransomware revenue 'fell to at least $456.8 million in 2022 from $765.6 million in 2021 — a huge drop of 40.3%.' And that blog post cites the Chief Claims Officer of cyber insurance firm Resilience, who also specifically notes 'signs that meaningful disruptions against ransomware actor groups are driving lower than expected successful extortion attempts,' including arrests and recovery of extorted cryptocurrency by western law enforcement agencies.

From the Wall Street Journal:
After ballooning for years, the amount of money being paid to ransomware criminals dropped in 2022, as did the odds that a victim would pay the criminals who installed the ransomware.... 'It reflects, I think, the pivot that we have made to a posture where we're on our front foot,' Deputy Attorney General Lisa Monaco said in an interview. 'We're focusing on making sure we're doing everything to prevent the attacks in the first place.'

The hacking groups behind ransomware attacks have been slowed by better company security practices. Federal authorities have also used new tactics to help victims avoid paying ransom demands.... And the FBI said last month that it disrupted $130 million in potential ransomware profits last year by gaining access to servers run by the Hive ransomware group and giving away the group's decryption keys — used to undo the effects of ransomware — for free.

In the fall, about 45 call-center operators were laid off by former members of a ransomware group known as Conti, according to Yelisey Bohuslavskiy, chief research officer with the threat intelligence firm Red Sense LLC. They had been hired as part of a scam to talk potential victims into installing remote-access software onto networks that would then be infected by ransomware, but the call centers ended up losing money, he said.
Companies have also stepped up their cybersecurity practices, driven by demands from insurance underwriters and a better understanding of the risks of ransomware following high-profile attacks. Companies are spending more money on business continuity and backup software that allow computer systems to restart after they have been infected. With improved backups, U.S. companies are better at bouncing back from ransomware attacks than they were four years ago, according to Coveware Inc., which helps victims respond to ransomware intrusions and has handled thousands of cases. Four years ago, 85% of ransomware victims wound up paying their attackers. Today that number is 37%, according to Coveware Inc. Chief Executive Bill Siegel.

Read more of this story at Slashdot.