Ransomware profits falling, but businesses must remain vigilant
Global ransomware profits have fallen to the lowest in three years in 2022, with profits valued 40% lower compared to 2021's numbers, according to a new report from Software Development Association of Poland (SoDA).
Could this be a sign that businesses are wising up to the threat of ransomware or are cybercriminals pivoting to alternative strategies?
"The panic and disruption triggered by Covid-19 proved to be the ideal environment for criminals to exploit businesses to hand over millions to criminals," says Dominik Samociuk PhD , Head of Security at Future Processing, member of Software Development Association of Poland.
"But after years of heightened warning regarding cybercrime, criminals are now seeing their financial exploits decline from ransomware attacks," he says.
"Obviously, the decline in ransomware profits is a positive sign for the business community, particularly when you take into consideration the harsh economic conditions we continue to navigate," Samociuk says.
"It could be that we are seeing businesses become more vigilant towards potential attacks or criminals are opting for fresher, more harmful tactics they could potentially weaponise."
Unfortunately, the grim truth is that ransomware attacks do continue to rise. Although revenues are falling, the frequency of attacks is escalating with 2022 seeing a dramatic increase of attacks by 77% compared to 2021 figures. A flurry of cybercriminal gangs faced arrest in recent years, convicted of targeting bigger, blue-chip businesses and organisations.
"The feeling is that there is a bigger target on your back when attacking larger organisations with the prospect of a higher pay-off," says Samociuk.
"Cybercriminals have now turned their attention to carrying out more frequent attacks, on smaller, less suspecting targets.
"We are seeing a growing number of victim organisations simply refusing to pay the ransomware demands. More organisations are willing to sacrifice any data that may have been stolen in a bid to save themselves, financially speaking," he says.
Although profits are down, ransomware activity continues to burden UK businesses. Samociuk offers guidance on how organisations can better equip themselves if they were to fall victim to ransomware.
"If your organisation comes under attack, the most important step to remember is to not pay the ransom," he says.
"The reason for this being is because it only encourages the criminals to rinse and repeat their actions either on others or yourself once again. Backing up data either off-site or via cloud is essential.
"Swiftly identifying the affected endpoints will be another key area to ensure is covered in the event of an attack. Disconnecting infected endpoints from the network will stop the spread of malicious ransomware affecting other endpoints."
Samociuk says having a robust response plan in place will be crucial to ensuring organisations understanding the full extent of the cyberattack.
"Gathering the right information on key areas such as identifying whether every computer, software, laptop and server were compromised and if so, how?
"Having the expertise in place to mitigate the effects of ransomware will hold your business in good shape for the future," he says.
"Furthermore, by taking the same action as so many victims right now and refusing to pay the ransom will continue to dampen their profits and potentially harm their long motivations.
"Businesses are seemingly wising up to ransomware and increasingly refusing to pay the demands of criminals, a sign of progress against the threat of cybercrime. But attacks are continuing, and business owners have to ensure they have the correct response and infrastructure in place if they were to come under attack," Samociuk says.
"Instilling ransomware and wider cybercrime expertise across a business will contribute to the positive trend of declining profits across ransomware activities," he says.
"Being prepared not only in the event of an attack but understanding the fallout are pivotal factors for businesses navigating the increasingly complex landscape of cybercrime."