Ransomware Attacks, Payments Declined In 2022: Report (crn.com) 12
CRN reports:
Prominent incident response firm Mandiant disclosed Tuesday that it responded to 15 percent fewer ransomware incidents last year. The statistic was first reported by the Wall Street Journal. Mandiant, which is owned by Google Cloud, confirmed the stat in an email to CRN.
The WSJ report also included several other indicators that 2022 was a less successful year for ransomware. Cybersecurity giant CrowdStrike told the outlet that the average ransom demand dropped 28 percent last year, to $4.1 million, from $5.7 million the year before. The firm reportedly pinned the decline on factors including the arrests of ransomware gang members and other disruptions to the groups last year, as well as the drop in the value of cryptocurrencies such as Bitcoin. CrowdStrike confirmed the stat to CRN.
Their article also cites a blog post from Chainalysis, the blockchain data platform, which estimated that 2022's total ransomware revenue "fell to at least $456.8 million in 2022 from $765.6 million in 2021 — a huge drop of 40.3%." And that blog post cites the Chief Claims Officer of cyber insurance firm Resilience, who also specifically notes "signs that meaningful disruptions against ransomware actor groups are driving lower than expected successful extortion attempts," including arrests and recovery of extorted cryptocurrency by western law enforcement agencies.
From the Wall Street Journal: After ballooning for years, the amount of money being paid to ransomware criminals dropped in 2022, as did the odds that a victim would pay the criminals who installed the ransomware.... "It reflects, I think, the pivot that we have made to a posture where we're on our front foot," Deputy Attorney General Lisa Monaco said in an interview. "We're focusing on making sure we're doing everything to prevent the attacks in the first place."
The hacking groups behind ransomware attacks have been slowed by better company security practices. Federal authorities have also used new tactics to help victims avoid paying ransom demands.... And the FBI said last month that it disrupted $130 million in potential ransomware profits last year by gaining access to servers run by the Hive ransomware group and giving away the group's decryption keys — used to undo the effects of ransomware — for free.
In the fall, about 45 call-center operators were laid off by former members of a ransomware group known as Conti, according to Yelisey Bohuslavskiy, chief research officer with the threat intelligence firm Red Sense LLC. They had been hired as part of a scam to talk potential victims into installing remote-access software onto networks that would then be infected by ransomware, but the call centers ended up losing money, he said.
Companies have also stepped up their cybersecurity practices, driven by demands from insurance underwriters and a better understanding of the risks of ransomware following high-profile attacks. Companies are spending more money on business continuity and backup software that allow computer systems to restart after they have been infected. With improved backups, U.S. companies are better at bouncing back from ransomware attacks than they were four years ago, according to Coveware Inc., which helps victims respond to ransomware intrusions and has handled thousands of cases. Four years ago, 85% of ransomware victims wound up paying their attackers. Today that number is 37%, according to Coveware Inc. Chief Executive Bill Siegel.
The WSJ report also included several other indicators that 2022 was a less successful year for ransomware. Cybersecurity giant CrowdStrike told the outlet that the average ransom demand dropped 28 percent last year, to $4.1 million, from $5.7 million the year before. The firm reportedly pinned the decline on factors including the arrests of ransomware gang members and other disruptions to the groups last year, as well as the drop in the value of cryptocurrencies such as Bitcoin. CrowdStrike confirmed the stat to CRN.
Their article also cites a blog post from Chainalysis, the blockchain data platform, which estimated that 2022's total ransomware revenue "fell to at least $456.8 million in 2022 from $765.6 million in 2021 — a huge drop of 40.3%." And that blog post cites the Chief Claims Officer of cyber insurance firm Resilience, who also specifically notes "signs that meaningful disruptions against ransomware actor groups are driving lower than expected successful extortion attempts," including arrests and recovery of extorted cryptocurrency by western law enforcement agencies.
From the Wall Street Journal: After ballooning for years, the amount of money being paid to ransomware criminals dropped in 2022, as did the odds that a victim would pay the criminals who installed the ransomware.... "It reflects, I think, the pivot that we have made to a posture where we're on our front foot," Deputy Attorney General Lisa Monaco said in an interview. "We're focusing on making sure we're doing everything to prevent the attacks in the first place."
The hacking groups behind ransomware attacks have been slowed by better company security practices. Federal authorities have also used new tactics to help victims avoid paying ransom demands.... And the FBI said last month that it disrupted $130 million in potential ransomware profits last year by gaining access to servers run by the Hive ransomware group and giving away the group's decryption keys — used to undo the effects of ransomware — for free.
In the fall, about 45 call-center operators were laid off by former members of a ransomware group known as Conti, according to Yelisey Bohuslavskiy, chief research officer with the threat intelligence firm Red Sense LLC. They had been hired as part of a scam to talk potential victims into installing remote-access software onto networks that would then be infected by ransomware, but the call centers ended up losing money, he said.
Companies have also stepped up their cybersecurity practices, driven by demands from insurance underwriters and a better understanding of the risks of ransomware following high-profile attacks. Companies are spending more money on business continuity and backup software that allow computer systems to restart after they have been infected. With improved backups, U.S. companies are better at bouncing back from ransomware attacks than they were four years ago, according to Coveware Inc., which helps victims respond to ransomware intrusions and has handled thousands of cases. Four years ago, 85% of ransomware victims wound up paying their attackers. Today that number is 37%, according to Coveware Inc. Chief Executive Bill Siegel.
Prove it's improved first. (Score:2, Troll)
"The hacking groups behind ransomware attacks have been slowed by better company security practices."
Oh, how I'd love to see the evidence of this as opposed to embarassed CxOs refusing to disclose when they've been electronically raped.
Ransomware is often defeated with 30-year old offline tape backup technology. No, I don't believe for a second IT or Cybersecurity departments are suddenly being respected and listened to.
Value of cryptocurrency isn't a factor (Score:5, Interesting)
as well as the drop in the value of cryptocurrencies such as Bitcoin.
Unless cryptocurrency goes away completely, the criminals can still just ask their victims for the amount they're seeking based on the current exchange rate.
It's far more likely that it has just become increasingly difficult for criminals to convert large amounts of cryptocurrency back into something they can actually spend, without getting caught in the process. Scummy exchanges willing to tolerate criminals typically end up being run by criminals themselves, funny how that works.
Re: (Score:3)
Scummy exchanges willing to tolerate criminals typically end up being run by criminals themselves, funny how that works.
Or in some cases, the FBI...
Remember the super-secret super-secure phones that drug dealers started using until it was discovered that they were being run by the NSA, who was getting CC'd on every text?
Re: (Score:2)
Remember the super-secret super-secure phones that drug dealers started using until it was discovered that they were being run by the NSA, who was getting CC'd on every text?
FBI app exposed Triads, cartels and Middle East crime syndicates [nypost.com](June 8, 2021):
The operation dubbed "Trojan Shield" in the US duped criminals across the globe into buying cellphones that had pre-loaded FBI software on them - and exposed Asian Triad gangs, Middle Eastern organized crime outfits, Latin American drug cartels and even biker crews to police investigators.
Hardened encrypted devices usually provide an impenetrable shield against law enforcement surveillance and detection. The supreme irony here is that the very devices that these criminals were using to hide from law enforcement were actually beacons for law enforcement.
Users thought their messages on the app were encrypted and hidden from law enforcement scrutiny - but every message sent on the platform was also delivered to investigators.
This sophisticated international criminal underworld takedown [nypost.com] that thwarted dozens of murders, netted a mountain of drugs and led to more than 800 arrests, authorities said.
It has netted some 8 tons of cocaine, 2 tons of amphetamine, 55 luxury cars, 250 guns and more than 20 tons of marijuana and hash after raids in countries across the globe, Jean-Philippe Lecouffe, deputy director of operations at Europol, said at a press conference in the Netherlands on Tuesday.
The messages gave investigators in Europe, the US and Australia a behind-the-scenes look as criminals plotted contract killings, drug trafficking and robberies.
Is this really much of a surprise? (Score:4, Interesting)
1. Getting hit for ransom totally sucks. In so many ways. Once this profound fact is known there is a lot of motivation to avoid it.
2. It is not that hard to defend against ransomware attacks. It does take money and some minimally competent personnel. And commitment at the executive level.
3. If you do get hit with a ransomware attack it is not that hard to recover if you have proper backups and a reasonable disaster recovery plan.
Too many people just have to learn the hard way. Watching a company succumb to the ransomware game is a lot like watching a guy who is in the habit of tailgating at 70MPH on the freeway all the time. They do it because they can get away with it. Often for a long time and maybe forever. Some people are just that lucky.
But once in a while the devil rolls snake-eyes and they suddenly become Exhibit A. In a wad of scrap metal or scraping the accounts for the ransom. Same thing, really.
Re: (Score:2)
But once in a while the devil rolls snake-eyes and they suddenly become Exhibit A. In a wad of scrap metal or scraping the accounts for the ransom. Same thing, really.
Claiming bankruptcy or scraping my loved ones brains off the freeway.
Gee, somehow I just don't see those as the same.
Re: (Score:2)
Let's not be deliberately obtuse, OK?
It is the same thing with regard to learning the hard way.
Another example: people warned time and again about thinking you can beat the casino. They nod understanding, but not until they are on the phone begging for money to get home do they begin to learn.
Another example: most good flight instructors I have known watch out for this. In flight training there are some mistakes that you just do not make even once. They might be great and handling the controls, bu
Re: (Score:2)
The reason is simple - ransomware used to just encrypt your files and that was the end of that.
Now it's not just encrypting your files, it's exfiltrating them as well. So you're paying just to get back your files, and maybe paying to stop those files from being released. But those files are already in the hands of other people, and who knows how many other hands that data is going to pass through.
So at this point, what are you paying for? Your data was already taken from you. It's probably cheaper and easie
Russo-Ukraine War? (Score:2)
I wonder how much of this is attributable to the disruption caused by the Russo-Ukraine War. Both countries known for their cyber criminals.