Ransomware statistics from the second quarter of the year show that the ransoms paid to extortionists have dropped in value, a trend that has continued since the last quarter of 2021.
Ransomware remediation firm Coveware has published a report today with ransomware data from the second quarter of 2022 showing that although the average payment increased, the median value recorded a significant drop.
In Q2 2022, the average ransom payment was $228,125 (up by 8% from Q1 ’22). However, the median ransom payment was $36,360, a steep fall of 51% compared to the previous quarter.
This continues a downward trend since Q4 2021, which represented a peak in ransomware payments, both average ($332,168) and median ($117,116).
Ransom payment trends from 2018 to 2022 (Coveware)
“This trend reflects the shift of RaaS affiliates and developers towards the mid-market where the risk to reward profile of attack is more consistent and less risky than high profile attacks,” comments Coveware in the report.
“We have also seen an encouraging trend among large organizations refusing to consider negotiations when ransomware groups demand impossibly high ransom amounts.”
The median size of the companies targeted this quarter dropped even further, with the actors looking for smaller yet financially healthy organizations to disrupt, the company says.
Size of organizations targeted by ransomware gangs (Coveware)
In terms of the most active ransomware groups over the past quarter, statistics that Coveware collected show that BlackCat tops the list with 16.9% of the published attacks, followed by LockBit, which accounted for 13.1%.
Most active ransomware families in Q2 2022 (Coveware)
Another new trend observed by Coveware is the creation of many smaller ransomware-as-a-service (RaaS) operations that draw affiliates from recently defunct syndicates and perform lower-tier, opportunistic attacks.
The double extortion method, in which attackers threaten to leak files stolen before encryption, continued this quarter, with 86% of the reported cases involving this tactic.
Coveware underlines that in many cases, despite receiving the ransom payment, the threat actors continued the extortion or leaked the stolen files anyway.
In multiple cases, data exfiltration was the main extortion method for many attackers, meaning that many of the incidents didn’t involve file encryption.
This resulted in the average downtime from ransomware attacks dropping to 24 days, an 8% decrease compared to Q1 2022.
- NoneRain – 4 days ago
The only way to work this out is to not pay at all.
It’s about time for enterprises to have good disaster plans.
- EndangeredPootisBird – 4 days ago
Tell that to the greedy CEOs who earn 250x more than the employees, and to the IT departments that spend millions on maintaining Endpoint Security and not on Zero Trust and Identity and Access Management.
- Darkice – 4 days ago
The OP is right. If you don’t pay that ransom, and nobody pays the ransom, it will not be a viable revenue stream. So hackers will stop because it has a zero payout. They will look for other means. Everything else is irrelevant.