Elain Brown Tech 07.29.2022 01:Jul AM EDT

Less Ransomware Victims are Choosing to Pay Hackers for Their Stolen Info, Statistics Show

Ransomware data shows that fewer people are choosing to pay the threat actors behind their compromised systems.

Ransomware has continued to become rampant nowadays, with threat actors coming from all parts of the world and launching attacks left and right for various different motives.

However, Coveware has discovered that despite the observed increase in ransom demands, there are more and more victims who are choosing not to pay the actors behind these attacks.

Ransomware Data by Coveware

In a ransomware data attack, the threat actors behind these ransomware attacks deploy different types of malware, viruses, or spyware in order to take control of a device or system.

Some actors choose to infiltrate a system to steal data, or most of the time, make certain data or functions unavailable and then demand money from the victims they have targeted in exchange for helping them undo the damage.

However, Bleeping Computer reports that Coveware, a cybersecurity business that specializes in helping organizations remediate ransomware attacks, has recently published a new report saying people are paying these attackers less.

The average amount of money paid in ransom rose by more than 8 percent from the first quarter of 2022 amounting to $228,125. The average was brought up by several outliers, but the median ransom payment actually went down to $36,360, which is a fall of 51% from the first quarter of 2022.

The movement of RaaS affiliates and developers toward the mid-market, where the risk-to-reward profile of operation is more consistent and less dangerous than in high-profile attacks, is reflected by this trend.

Coveware has also noticed a trend that is encouraging in which significant corporations are refusing to negotiate with ransomware groups when the hackers want an impossible sum of money as a ransom.

Cyber Extortion

The ransomware data collected from these malicious incidents shows that 86% of them have been threatened to publicly leak it, according to Coverware.

Despite the plethora of resources and security companies that address these types of attacks,Coveware stated that there is still a plethora of businesses and organizations that choose to give in to the demands of data exfiltration extortion.

Throughout the second quarter of 2022, the company continued to find evidence that threat actors do not keep their promise when it comes to erasing data that has been exfiltrated.

However, despite this finding, some victims of data exfiltration continue to contribute to the economy of cyber extortion by paying useless ransoms.

According to the UK's National Cyber Security Centre and the Information Commissioner Office, the ICO does not believe that the practice of paying money to criminals who have attacked a system reduces the danger to individual users in any way.

Coveware agrees stating, "If the stolen data has value to other cyber criminals, it will likely be sold out of view."

"Paying a ransom does not mitigate the risk or harm, or any liability the victim has to try to protect impacted parties."

Lastly, in the report published by the company, they revealed that these are the following ransomware groups that have carried most of the cyberattacks.

BlackCat 16.9%
Lockbit 2.0 13.1%
Hive 6.3%
Conti V2 5.6%
Quantum 5.6%
AvosLocker 5%
Black Basta 5%
Phobos 5%

Additionally, the breakdown of the Conti RaaS operations and the subsequent affiliate has resulted in the creation and expansion of a number of RaaS businesses, both those that already existed and those that have recently been established.