2022 has been a turbulent year. One good thing to come out of it is that ransomware earnings are significantly down.
Attacks on the crypto industry remain rampant. However, data suggests that victims are increasingly refusing to pay ransomware attackers. Blockchain analytics company Chainalysis, in a new report, shed light on the changing dynamics in the ransomware industry.
Zooming in on Ransomware Attacks 2022
It found that over 10,000 unique strains were active in the first half of the year alone – a trend that was also confirmed by on-chain data. In comparison, around 5,400 unique strains were recorded to be active over the same period of 2021. The number of active strains has increased substantially in recent years, a major portion, however, goes to a small group of strains at any given time.
Lifespans of ransomware have slid in 2022. In fact, the average ransomware strain was found to be active for just 70 days, down from 153 in 2021 and 265 in 2020. Most attackers funnel the extorted funds to mainstream centralized cryptocurrency exchanges. This number surged from 39.3% in 2021 to 48.3% in 2022.
On the other hand, ill-gotten funds being moved to high-risk exchanges fell from 10.9% to 6.7%. A similar declining trend was seen in the usage of illicit services such as darknet markets for ransomware money laundering. However, the usage of coin mixers for the same purpose has increased from 11.6% to 15.0%.
Less Frequent Random Payments
Chainalysis stated that the estimate for 2022’s total ransomware revenue fell by 40.3% to at least $456.8 million in 2022 from $765.6 million in 2021. The drop is substantial and demonstrated increasing unwillingness among the victims to pay ransomware attackers and not a decline in the actual number of exploits.
While asserting that ransomware continues to be a major cyber threat to businesses and enterprises, Michael Phillips, Chief Claims Officer of cyber insurance firm Resilience, noted:
“There have, however, been signs that meaningful disruptions against ransomware successful actor groups are driving lower than expected extortion attempts.”
Especially over the past four years, the probability of victims paying a ransom has seen a dramatic shift. An analysis conducted by Bill Siegel, CEO of ransomware incident response company Coveware, suggested that victim payment rates have dropped from 76% in 2019 to 41% in 2022.
This shift can be attributed to the fact that paying ransoms has become legally riskier, especially after the advisory issued by the US Treasury Department’s Office of Foreign Assets Control (OFAC) in September 2021 on the potential for sanctions violations when paying ransoms.
Another big factor playing a crucial role in the developing trend is the reimbursement attacks to victims of ransomware by cyber insurance firms. Phillips highlighted that companies have to meet stringent cybersecurity and backup measures to be insured for ransomware coverage. The demand for better cybersecurity measures has made it possible for companies to recover from attacks rather than giving in to ransom demands.
“An increased focus on underwriting against factors that contribute to ransomware has led to lower incident costs for companies and contributed to a decreasing trend in extortion payments.”