Ransomware payments are down.

Why that might not be a good thing for Nebraska.

Based on a study of thousands of cases that it has worked, incident response firm Coveware has found that the number of firms paying a ransom has dropped from 85% in Q1 2019 to 46% in Q1 2022.

When victims do pay a ransom, in Q1 2022, they paid an average of $211,529, down 34% from the previous quarter, Coveware found. It attributes this to fewer victims paying, attackers overall infecting smaller organizations – given the law enforcement fallout they often face after hitting very large businesses – as well as the erosion of established ransomware-as-a-service brands.

While this is progress in the grand scheme of things, cybercriminals moving down the food chain to smaller organizations is a cause for concern. It’s especially concerning for organizations like community banks and rural hospitals, given the significant attention that cybercriminals have given to the healthcare and financial services sectors.

Specific Risks
Over the first quarter of 2022, Coveware found that only five ransomware strains accounted for almost half of the market, with the strains listed below taking 48.3% market share.

Market Share — Conti and LockBit Dominate:

  1. Conti v2: 16.1%
  2. LockBit 2.0: 14.9%
  3. BlackCat – aka Alphv: 7.1%
  4. Hive: 5.4%
  5. AvosLocker: 4.8%

Unlike most ransomware that uses an affiliate model, security researchers say Conti has run most of its attacks in-house, backed by robust teams and subgroups focused on targeting different types of victims, as well as ongoing research and development.

Unfortunately, many attackers continue searching for a sweet spot in the size of the victim they target: not so small that only a paltry ransom amount can be demanded and not so large that it leads to close attention from law enforcement agencies. Which puts a large number of Nebraska organizations straight in the crosshairs.

Message: Stay the Course
Despite the reported reduction in the number of organizations that pay a ransom and a reduction in the average amount being paid, don’t expect a quick or easy resolution to the ransomware problem; extortionists remain experts at finding innovative new ways to shake down victims. However, if these trends do continue, the ransomware problem may appear much more diminished by 2025. Until then, ransomware is still a large threat to any organization with valuable data and vulnerability.

If you have questions about IT security or the changing IT threat landscape, call ITPAC today.