Ransomware: Fewer and fewer victims pay ransom – payment ban a long way off

As willingness to pay decreases, ransomware gangs ramp up the volume of attacks. Meanwhile, a thesis paper warns against legislative payment bans.

Ransomware on a computer

Ransomware message on a laptop.

(Image: created with AI in Bing Designer by heise online / dmk)

This article was originally published in German and has been automatically translated.

Less than a third of all ransomware victims pay the ransom demanded. This is the result of a recent study by Coveware. In their quarterly report, the US security specialists also report that the average payment amount has fallen by over 30 percent.

Although the number of unreported cases is high (Coveware admits that it cannot keep track of all cyber extortion cases), it sees enough cases to make statistical statements. And these are clear: the willingness to pay has fallen to a new record low of 28 percent. This means that in the first quarter of 2024, ransomware crooks carried out over seventy percent of their attacks in vain.

As Coveware goes on to explain, the decline is due to two important factors: Companies are becoming increasingly resilient to ransomware attacks and can, for example, restore their ability to work from backups. In addition, criminals are not to be trusted, and broken promises are the order of the day, which further reduces the willingness to pay. A recent example was provided by the AlphV gang, which made off with 22 million dollars in ransom money and left its victim, the UnitedHealth Group, to another extortionist, who in turn demanded payment. The incident is likely to cost the US healthcare giant well over a billion dollars.

Legislation to prevent ransom payments is still a long way off. In a position paper, experts even argue against a quick ban on payments. Attacks against government organizations, which are already not allowed to pay ransoms, have not seen a significant decline, and many companies and institutions worldwide are simply still too ill-prepared for ransomware attacks.

One of the authors of the paper is Kemba Walden, National Cyber Director for nine months last year and therefore IT security advisor to President Biden. She explained her wait-and-see attitude during a hearing of the US House of Representatives: if ransom payments were banned, this could lead to the bankruptcy of small and medium-sized companies on which the American economy relies.

Instead of a quick fix, Walden and her co-authors are now presenting a 16-point plan that focuses on preparedness and resilience as well as deterrent measures and could be implemented over the next two years. However, the measures are not new – they are essentially based on a report published in 2021 by the "Ransomware Task Force", to which Walden, then still a Microsoft employee, contributed.

Meanwhile, Coveware's expertise in ransomware matters has not gone unnoticed in the market: backup specialist Veeam is acquiring the company. The aim is to integrate some Coveware products into the Veeam platforms and together offer customers even better options for recovering from cyberattacks.

(cku)