Ransomware demands are growing, but life is getting tougher for malware gangs

Ransom payments are going up, but there are signs that the tide may be turning against the gangs.
Written by Danny Palmer, Senior Writer

Victims of ransomware attacks are paying higher ransoms than ever before, but there are signs that organisations are starting to take heed of cybersecurity advice, making them more resilient to cyber criminals. 

According to analysis by cybersecurity researchers at Sophos, the average ransom payment made by victims who choose to pay cyber criminals for a decryption key to restore their files and servers following a successful ransomware attack has increased to $812,260 – an almost five-fold increase compared with the 2020 average of $170,000.

And the proportion of victims who pay ransoms of over $1 million has also risen substantially, up from 4% of ransom payments in 2020 to 11% in 2021 – meaning one in ten successful ransomware attacks is providing cyber criminals with a million-dollar payday.

According to analysis by Sophos, just under half of ransomware victims pay the ransom, perceiving it to be the quickest way to restore the network – even though decryption keys provided by cyber criminals can't be trusted, and paying a ransom might simply signal that the victim is an easy target who could be extorted again.


Ransomware attacks continue to be successful because cyber criminals can still exploit common cybersecurity vulnerabilities to enter networks and carry out campaigns. But while ransomware is still a major cybersecurity issue, there are signs that the situation could be about to get better.

"I'm a little optimistic for the first time in years about ransomware – I think we might be at the peak of our worst right now and I'm hoping we start to turn a corner," Chester Wisniewski, principal research scientist at Sophos, told ZDNet, citing how government bodies like the US Cybersecurity and Infrastructure Security Agency (CISA) and the UK National Cyber Security Centre (NCSC) have intervened in "a meaningful way" to provide accessible and useful advice on how to improve cybersecurity.

"The advice they're giving and the things they're doing are actually helping – I don't think enough organisations are listening to them yet, but at least the resources are accessible, approachable and usable, so it's a good start," he said.

In addition to this, cyber-insurance providers are demanding better security preparations from companies before issuing policies. Wisniewski also said the US sanctions against Russia following its invasion of Ukraine have had an impact on American businesses, which do not want to pay ransoms to cyber criminals who are often operating out of that region.

"We're seeing it being a really serious motivator for American companies and insurance companies to not pay ransoms," he said. 

But while there are some encouraging signs, it's unlikely ransomware is going away any time soon.  

Ransomware remains lucrative for cyber criminals because there are victims who pay the ransoms. As long as there are organisations that are vulnerable to cyberattacks and still willing to pay six-figure ransom demands, there will be ransomware groups trying to exploit that fact.

"I don't think you're ever going to deter the hardcore ransomware groups because there's too much money to be made when they're getting multi-million dollar hits," said Wisniewski. 

"Crooks aren't going to walk away from that, even if it's a one in twenty chance – it's still a million dollars," he added.  
