Ransom demands were up, but the number of incidents fell off during 2022.
Ransomware trends: 2022.
Delinea has published its 2022 State of Ransomware Report, finding that there’s been a sharp decrease in the volume of ransomware attacks, though the average ransom demand has gone up.
Ransomware slows down.
Delinea found that only 25% of respondents said their organizations were hit by ransomware in 2022, down from 64% in 2021. The share of victims who paid the ransom also fell, from 82% to 68%. The researchers aren’t sure what led to this decline, but they note that it may be due to the reorganization among major ransomware crews (particularly Conti) that took place during 2022.
Ransom demands increase.
Despite the slowdown in attacks, the researchers found that the average ransom demand has gone up over the past year:
“It’s important to note that while the volume of attacks appears to be decreasing, the average ransomware payment is increasing. The payments in cases worked by Unit 42 incident responders were nearly $1 million in the first five months of 2022, a 71% increase over the same period the previous year. On top of payments, companies are also paying for remediation expenses, downtime, and reputational harm.”
Vigilance is on the decline.
The survey also highlights a discouraging trend: organizations seem to be taking the ransomware threat less seriously than they did in 2022. The researchers found that most organizations (76%) increase their security budgets only after they’ve suffered a ransomware attack:
“Budget allocations for ransomware are in decline, as only 68% of those surveyed said they are currently allocated budget to protect against ransomware versus 93% during the prior year. The number of companies with Incident Response Plans also declined from 94% to 71%, and only half are taking proactive, proven steps to prevent ransomware attacks such as enforcing password best practices (51%) and using Multi-Factor Authentication (50%).”