Ransomware attacks decline amid crypto downturn
One silver lining of a crypto winter: the threat of digital assets being held for ransom has abated.
Driving the news: Ransomware attacks declined 23% from January to June, according to U.S. cybersecurity firm SonicWall's 2022 mid-year cyber threat report.
- "For ransomware, we’re seeing correlation that’s in line with crypto markets," Immanuel Chavoya, threat detection and response strategist at SonicWall, tells Axios.
- "Someone has changed the locks on your house, and you have to pay a fee to get back in," he said, describing a typical ransomware attack.
- Be smart: If the house is less valuable, maybe it's a less lucrative proposition to hold it up for ransom.
State of play: The number of organizations willing to pay a ransom demand has been trending down.
- Less than half in the first quarter of 2022 were willing to pony up, compared to 85% of targets in the first quarter of 2019.
Of note: "There are also competing political factors," Chavoya said, explaining that the Russia-Ukraine war, for example, could have contributed to the decline.
- Intelligence firms U.S. Cyber Command and NSA Cybersecurity have said that the threat actors operating in Russia may be more focused on Ukraine.
- Ransomware actors tend to have some allegiance in the region they operate, according to Chavoya.
What they're saying: "Despite continued denials that the country is harboring cybercriminals, roughly two-thirds of state-sponsored cyberattacks have been traced back to Russia in the past few years," SonicWall's report stated.
- "And 74% of all money generated by ransomware last year — nearly $400 million — went to groups “highly likely to be affiliated with Russia.”
Details: Ransomware attacks peaked in the second quarter of last year at $188.9 million after two straight years of increases.
- The top three ransomware families, Ryuk, Cerber and SamSam, accounted for 62% of all ransomware attacks last year, according to SonicWall.
The bottom line Ransomware attacks just this year already eclipsed full-year totals for 2017, 2018 and 2019. So attacks are still at pre-pandemic levels.