Ransomware Payments Drop as Victims Refuse to Play Along

Security researchers have spotted a new trend in global ransomware attacks - victims who refuse to play along with the cyber criminals and outright decide not to pay the ransom money are growing in number.

This trend has led to a drop in the average amount of ransoms paid. Statistics published by cybersecurity firm Coveware show that the average ransom payment for the last quarter of 2020 slipped by nearly 34%. The sum went from 233 thousand dollars down to just 155 thousand.

The decrease is believed to be primarily caused by outright refusal of the victims to play along with the cybercriminals. The most common payment method for ransomware hasn't changed - bad actors would demand payment in bitcoin, in exchange for the promise of a decryption key that can restore the victim's systems to working order.

Analysts believe that even though there are entities that pay the ransom, the overall trend is a big positive. Coveware stated that this if trend of refusing to cooperate with the extortionate demands continues, this may lead to a global drop of ransomware attacks in general.

After all, the criminals are in it only for the money and facing increasingly staunch refusal to pay from their victims, this can cause a shift in their activities.

A collateral effect of this trend is that bad actors have altered their tactics and demands over time. In addition to simply scrambling data and rendering networks inoperable, threat actors have also started threatening their victims that they would leak stolen sensitive information that they grabbed from the compromised network during the attack.

This type of additional vector was used in 70% of all ransomware attacks in the last quarter of last year. This was a significant increase from the 50% recorded during the previous quarter.

Despite this new attack angles and methods, even the percentage of entities threatened with data leaks who paid ransom dropped, which is a positive sign.

The methods that attackers use to infiltrate and compromise networks before they deploy ransomware on them has not changed a lot. Phishing e-mails seeking to steal employee credentials are still among the most common tactics criminals use.

February 4, 2021