Cyber Criminals' Earnings Fall As More Ransom Victims Refuse Payment 

Uploaded on 2023-02-20 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

Cyber criminals have experienced a 40% drop in their theft earnings as victims refuse to pay the criminals the ransom demanded and crypto currency experts at Chainalysis say ransomware groups extorted at least $457m (£370m) from victims in 2022, which is $311m less than the year before. 

The true figures are likely to be higher as many refuse to admit they are paying ransom fees, but experts still agree that fewer victims are paying the ransom money being asked for.  However, while there has been a drop in criminal revenue, the number of attacks is still rising.

Following sharp law enforcement action against the DarkSide and Conti ransomware groups, some hacking criminal operations have changed their methods and seem to have become cautious about getting involved in the sort high profile attacks that could lead to increased geopolitical pressure and attention from law enforcement agencies. 

Many of the ransomware criminals are thought to be based in Russia - althoughRussian government sources consistently deny their country is a haven for hackers.  

Recent high-profile victims has included The Guardian newspaper, the Royal Mail delivery company and a number of British schools. Companies, governments, schools and even hospitals around the world are regularly falling victim to ransomware hackers, who lock staff out of their IT systems until a ransom is paid, usually in Bitcoin. 

Ransomware attacks prevent victims accessing computer systems or data until a ransom is paid it is said, however police agencies around the world are increasingly urging victims not to pay.

The hackers often threaten to publish or sell the stolen data unless they are paid in Bitcoin and the analysts at Chainalysis have been tracking the money flowing in and out of Bitcoin wallets which are known to be owned by ransomware gangs and they say there is clear trend - ransomware payments are significantly down. 

Criminals now seem to be carrying out a greater number of smaller attacks instead of going after large  targets, where large payments are more likely.

Despite the drop in revenue, the number of unique ransomware strains being used in attacks reportedly increased dramatically in 2022. Research from Fortinet has found that more than 10,000 unique types of the malicious software were active in the first half of 2022. The growth in the number of attacks last year could be connected with enforcement actions, mainly by the US authorities, which caused some of the largest ransomware groups to disband.

Paying ransoms is not illegal and many organisations pay in secret, however, paying the ransom doesn't guarantee the victims that their network will be restored and paying ransome does encourage the perpetrators target more companies with the file-encrypting malware. For organisations that are hit by a ransomware attack, there are a number of hard choices that need to be made, and one of the most difficult is whether or not to pay the ransom. 

IBM researchers have analysed the impact the decision-making process of organisations that had suffered a successful ransomware attack and concluded that paying the extortionists is not generally a good idea. Less than 60% of organisations that paid the demanded ransom were able to recover even part of their data and 39% of companies that pay a ransom never see any of their data again. 

National Crime Agency:    Fortinet:    Graphus AI:    Coverware:       BBC:       BBC:    ZDNet:   

You Might Also Read: 

Crackdown On Ransomware Criminals:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Technology Is Disrupting Intelligence & Espionage
Illegal Crypto Transactions Reach A New Peak »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Lantronix

Lantronix

Lantronix is a global provider of secure data access and management solutions for Internet of Things (IoT) and information technology assets.

Flexera

Flexera

Flexera is reimagining the way software is bought, sold, managed and secured.

Cyphercor

Cyphercor

Cyphercor is a leading smartphone and desktop-based two-factor authentication (2FA) provider.

KOS-CERT

KOS-CERT

KOS-CERT is the national Computer Incident Response Team for Kosovo.

Pluribus One

Pluribus One

Pluribus One develops customized solutions and other data-driven applications to secure your business and your devices.

3Elos

3Elos

3Elos operates in the Information Technology market with a focus on research, development, consulting, marketing and implementation of Information Security solutions.

Turkish Accreditation Agency (TURKAK)

Turkish Accreditation Agency (TURKAK)

TURKAK is the national accreditation body for Turkey. The directory of members provides details of organisations offering certification services for ISO 27001.

QuoIntelligence

QuoIntelligence

QuoIntelligence experts can help your team understand the evolving cyber threats and provide simple yet comprehensive recommendations so you can focus on what matters.

Arkphire

Arkphire

Arkphire provide solutions across every aspect of IT to help your business perform better.

PSafe

PSafe

PSafe is a leading provider of mobile privacy, security, and performance apps. We deliver innovative products that protect your freedom to safely connect, share, play, express and explore online.

Bfore.ai

Bfore.ai

Stop future attacks, today. Bfore.ai is an operational threat intelligence feed to add predictive technology to your security infrastructure.

Artjoker

Artjoker

Artjoker is a full cycle software development partner specialized in Blockchain projects and smart contract development including full cycle information security of all projects.

Nexio

Nexio

We are Nexio. We help organisations take every NEXT step toward their accelerated digital transformation.

National Cybersecurity Agency (ANCI) - Chile

National Cybersecurity Agency (ANCI) - Chile

ANCI (Agencia Nacional de Ciberseguridad) is the National Cybersecurity Agency of Chile.

Kosmic Eye

Kosmic Eye

Kosmic Eye is a cutting-edge platform that provides Unified Security Posture Management (USPM) powered by the latest in AI, quantum computing, and agentic intelligence.

Whisper

Whisper

Whisper was built to shift cybersecurity from reactive to predictive. Our mission is to stop cybercrime by helping organizations anticipate threats before damage occurs.