Meanwhile, cybersecurity researchers at Coveware have also suggested that the number of victims paying ransoms has declined significantly in recent years, dropping from 76% of victims in 2019, down to 41% of victims in 2022.
The figures don't and can't account for every ransomware attack but researchers suggest that the pattern is clear -- fewer victims are giving into extortion demands and ransomware gangs are, overall, finding it harder to monetize attacks.
And if the company has invested in a good cybersecurity strategy, it means they're better equipped to deal with the fallout, even if an attack is successful.
"Companies that are better able to defend themselves do not succumb to attacks as frequently. Enterprises with well-practiced incident response processes are less likely to experience material impact (which may result in a ransom payment) when an attack is successful," said Coveware researchers.
Researchers suggest the second reason for the decline in ransom payments is a change in approach from law enforcement, which has shifted from being purely focused on shutting down cyber-criminal operations and making arrests to directly helping victims of attacks, as well as providing advice and support on how to ensure the network is as robust against cyberattacks as possible.
The third reason for the decline in ransom payments is down to a self-fulfilling cycle; as fewer victims pay the ransoms, it becomes harder for ransomware gangs to make money, meaning that some groups are forced to cease operations because it just isn't worth the time or effort if they're not making a return.
For starters, being hit with a ransomware attack and being locked out of files and servers will cause disruption -- and when this lockout involves critical infrastructure or healthcare, it can have devastating and long-term impacts on people who rely on those services.
Ransomware remains a significant cybersecurity threat to organizations, but there are strategies that can be implemented to make it more difficult for ransomware gangs and other cyber-criminal groups to breach networks and make money from attacks.
Securing users with multi-factor authentication (MFA) can go a long way to stopping hackers from getting into the network, even if they know the right password. If used correctly, MFA not only prevents cyber criminals from exploiting stolen login credentials, but can also inform the user -- and the security team -- that passwords have been guessed or stolen.
Organizations should also ensure security patches and updates are applied in a timely manner, to prevent cyber criminals from being able to exploit vulnerabilities with known fixes to gain access to accounts or networks.