Skip to main content
Jul 27, 2022 - Economy

Ransomware attacks decline amid crypto downturn

headshot
Global ransomware attacks
Data: SonicWall; Chart: Thomas Oide/Axios

One silver lining of a crypto winter: the threat of digital assets being held for ransom has abated.

Driving the news: Ransomware attacks declined 23% from January to June, according to U.S. cybersecurity firm SonicWall's 2022 mid-year cyber threat report.

  • "For ransomware, we’re seeing correlation that’s in line with crypto markets," Immanuel Chavoya, threat detection and response strategist at SonicWall, tells Axios.
  • "Someone has changed the locks on your house, and you have to pay a fee to get back in," he said, describing a typical ransomware attack.
  • Be smart: If the house is less valuable, maybe it's a less lucrative proposition to hold it up for ransom.

State of play: The number of organizations willing to pay a ransom demand has been trending down.

  • Less than half in the first quarter of 2022 were willing to pony up, compared to 85% of targets in the first quarter of 2019.

Of note: "There are also competing political factors," Chavoya said, explaining that the Russia-Ukraine war, for example, could have contributed to the decline.

  • Intelligence firms U.S. Cyber Command and NSA Cybersecurity have said that the threat actors operating in Russia may be more focused on Ukraine.
  • Ransomware actors tend to have some allegiance in the region they operate, according to Chavoya.

What they're saying: "Despite continued denials that the country is harboring cybercriminals, roughly two-thirds of state-sponsored cyberattacks have been traced back to Russia in the past few years," SonicWall's report stated.

  • "And 74% of all money generated by ransomware last year — nearly $400 million — went to groups “highly likely to be affiliated with Russia.”

Details: Ransomware attacks peaked in the second quarter of last year at $188.9 million after two straight years of increases.

  • The top three ransomware families, Ryuk, Cerber and SamSam, accounted for 62% of all ransomware attacks last year, according to SonicWall.

The bottom line Ransomware attacks just this year already eclipsed full-year totals for 2017, 2018 and 2019. So attacks are still at pre-pandemic levels.

Go deeper