Briefly: Ransomware-type malware encrypts files and then demands that victims pay in cryptocurrency if they want their data back. However, in 2022, the market is beginning to change as fewer and fewer companies choose to pay the extortion.
According to data provided by blockchain analysis firm Chainalysis, ransomware revenue for 2022 shrank from $765.6 million to at least $456.8 million, or a 40.3% year-on-year decline. The scale of attacks is more impressive than ever, but the number of victims who refuse to pay the ransom has also increased.
Working with Coveware, Chainalysis has seen a sharp drop in the number of ransomware victims willing to pay: they were 76% in 2019 but only 41% in 2022. It's a "very encouraging" trend, says Chainalysis, likely influenced by several factors.
Ransomware victims have come to realize that even if they pay the ransom, there is no guarantee that they will recover their data or that the ransomware operators will delete the "stolen" files rather than sell them to third parties on the dark web. Public perception of the ransomware phenomenon has also matured, so data leaks no longer carry the same risks to brand reputation as they did in the past few years.
Corporations and public organizations, which are the main targets of modern ransomware operations, have also developed better backup strategies, so that data recovery is much easier than it was just a couple of years ago.
Insurance companies are also less likely to allow their customers to use insurance payouts to satisfy a ransom demand. Finally, since many ransomware operations are located in Russia, victims who decide to pay may face harsh legal consequences under the economic sanctions imposed on the country after the invasion of Ukraine.
Even though victims don't pay as much as they did before, the ransomware business is pretty much dead: in 2022, the average lifespan of file-encrypting malware strains dropped from 153 days to just 70 days over the course of a year. The "Conti" ransomware operation ended while other ransomware-as-a-service (RaaS) operations ran, including Royal, Play, and BlackBasta. LockBit, Hive, Cuba, BlackCat, and Ragna were still operating (and still asking for ransom payments) at the end of 2022.