Strong federal sanctions and increased security have contributed to a decrease in costly ransomware attacks in the past year.
- Cybersecurity firms like Mandiant are reporting a 15% decrease in the number of extortion attemps, while Crowdstrike saw the overall payments decrease from an average of $5.7 million to $4.1 million. Chainalysis Inc. reports a 40% decrease in payments, The Wall Street Journal reports.
- The number of ransomware attacks where the affected party is forced to pay the ransom has decreased from 85% to 37% in just four years, Coveware Inc. reports.
- Strong recovery efforts for lost money and crypto have also acted as a deterrent, rendering the attempts to steal money moot once the funds are returned.
- However, this decrease could be a momentary statistical anomaly as hacker groups regroup and change strategies. The threats have only partially decreased as hackers look for more sensitive industries.
Why It’s Important
Ransomware, or attacks wherein a hostile party hacks a computer’s hard drive and locks it down until a certain amount of money is wired through the software, has become more common in the past decade, particularly among sensitive industries such as hospitals and major businesses.
It wasn’t an issue that the White House considered important until the 2021 Colonial Pipeline attack briefly crippled oil supplies in the eastern U.S. for several weeks, The Journal notes.
Increased federal responses and corporate attempts to preemptively prevent ransomware attacks have deterred the practice significantly, reducing the ability of hackers to meaningfully attack vulnerable targets and hold their plundered winnings after the attack has been successful. The new emphasis has also meant that companies are in a better position to recover from these hacks after the fact by rebooting their systems with uninfected software.
“It reflects, I think, the pivot that we have made to a posture where we’re on our front foot. We’re focusing on making sure we’re doing everything to prevent the attacks in the first place,” Deputy Attorney General Lisa Monaco tells The Journal.
“We needed to change our orientation … to one where we are putting prevention first, disruption first, and putting victims at the center of our approach. That means we are trying to break the business model of ransomware actors,” she tells the Munich Cyber Security Conference.