Let’s start off by beating the drum yet again. We do not recommend that victims of Ransomware pay a ransom. We’ve discussed in previous posts the uncertainty and odds against recovering stolen data by paying ransom. (Spoiler Alert: Forbes has reported that less than 10% of ransom paying companies actually regained all their stolen data.) This calculus becomes even more difficult and painful if you don’t have, and regularly exercise a good Disaster Recovery plan. For which, if you don’t, you should immediately start developing a roadmap.
Having said all that, Coveware issued a report earlier this month indicating that average ransom paid for a ransomware incident decreased in 2021. The average amount decreased form 136k in Q1 to 47K in Q2. This is a bit of a tight window of data but it definitely indicates a positive trend for a number of reasons.
The FBI and its Federal, State, Local and International partners have been systematically dismantling the largest of the international Ransomware gangs such as Emotet and REvil, and offered enormous rewards such as the 15M USD one currently available for information on the Conti Gang . Law Enforcement is essentially following the standard playbook for fighting organized crime and removing the most effective players from the game board.
Another likely reason for the drop is that larger companies, the ones more likely and able to pay large ransoms, have invested more in preparation, defense and response of the corporate IP. They are more likely to effectively back up, and protect their data. Restoration of those backups is more likely to be regularly tested and exercised. The data itself is more likely to be encrypted, preemptively removing the threat of extortion which now regularly accompanies a ransomware incident. With the correct preparation and proper incident response procedures in place, the need to respond to a ransomware gang is completely obviated.
Lastly, as more companies become educated about ransomware, and the realities of engaging with a organized crime operation become more well known, even those companies without the necessary safeguards are recognizing the futility of paying ransomware.
As ransomware becomes less profitable to these bad actors, the flood of incidents will slow. However, the time to resolve your ransomware incidents is BEFORE they occur. If you or your company needs assistance setting up the necessary security, #principia/RAID can help.