Ransomware demands are growing, but life is getting tougher for malware gangs
Victims of ransomware attacks are paying higher ransoms than ever before, but there are signs that organisations are starting to take heed of cybersecurity advice, making them more resilient to cyber criminals.
According to analysis by cybersecurity researchers at Sophos, the average ransom payment made by victims to choose to pay cyber criminals for a decryption key to restore their files and servers following a successful ransomware attack has increased to $812,260 – an almost five-fold increase compared with the 2020 average of $170,000.
And the proportion of victims who pay ransoms of over $1 million has also risen substantially, up from 4% of ransom payments in 2020 to 11% in 2021 – meaning one in ten successful ransomware attacks is providing cyber criminals with a million dollar pay day.
According to analysis by Sophos, just under half of ransomware victims pay the ransom, perceiving it to be the quickest way to restore the network – even though decryption keys provided by cyber criminals can’t be trusted and paying a ransom might just show that the victim is an easy target who could be extorted again.
Ransomware attacks continue to be successful because cyber criminals can still exploit common cybersecurity vulnerabilities to enter networks and carry out campaigns. But while ransomware is still a major cybersecurity issue, there are signs that the situation could be about to get better.
SEE: Cybersecurity: Let’s get tactical (ZDNet special report)
“I’m a little optimistic for the first time in years about ransomware – I think we might be at the peak of our worst right now and I’m hoping we start to turn a corner,” Chester Wisniewski, principal research scientist at Sophos told ZDNet, citing how government bodies like the US Cybersecurity and Infrastructure Security Agency (CISA) and the UK National Cyber Security Centre (NCSC) have stepped in in “a meaningful way” to provide accessible and useful advice on how to improve cybersecurity.
“The advice they’re giving and the things they’re doing are actually helping – I don’t think enough organisations are listening to them yet, but at least the resources are accessible, approachable and usable, so it’s a good start,” he said
In addition to this, cyber insurance providers are demanding better security preparations from companies before issuing policies, while Wisniewski says the US sanctions against Russia following its invasion of Ukraine has had an impact on American businesses which do not want to pay ransoms to cyber criminals who are often working out of that region.
“We’re seeing it being a really serious motivator for American companies and insurance companies to not pay ransoms,” said Wisniewski
But while there are some encouraging signs, it’s unlikely ransomware is going away anytime soon.
The reason ransomware is so lucrative for cyber criminals is because there are victims who pay the ransoms. And if there are organisations out there who are vulnerable to cyber attacks and are still willing to pay six-figure ransom demands, there’s always going to be ransomware groups trying to exploit this.
“I don’t think you’re ever going to deter the hardcore ransomware groups because there’s too much money to be made when they’re getting multi-million dollar hits,” said Wisniewski.
“Crooks aren’t going to walk away from that, even if it’s a one in twenty chance – it’s still a million dollars,” he added.
MORE ON CYBERSECURITY