You Wouldn’t Know It But Ransomware Groups Are Struggling

A 2022 drop in ransomware attacks led to a big decline in payouts to ransomware groups compared to 2021. Then 2023 happened, and a record $1.1 billion was paid by high-profile institutions, hospitals, schools, and government agencies.

Security Intelligence reports that in 2023 there was meteoric growth in the number of threat actors carrying out attacks. A minimum of 538 new ransomware variants were detected. Ransomware-as-a-Service made malicious tools developed for ease of operation widely available. High-profile companies became targets of choice, leading to payments of $1 million or more. You’d think there would be no time like the present to be in the ransom attack racket, but you’d be wrong.

“Things are just getting increasingly complex and almost desperate in terms of the ability to continue operations,” according to Marley Smith, Principal Threat Researcher at RedSense. Ransom-as-a-service groups have an endless need for relatively scarce contractors with the skill to test penetration tools that will be functional against large targets. 

And then there’s that pesky war between Russia and Ukraine. The top-tier ransomware groups consist of Russians, Belarusians, and Ukrainians. They’re still colleagues, but they struggle to find ways to cooperate without ending up in prison or consorting with the enemy.

The message: The war against ransomware is winnable, so stick with the strategy. Security Intelligence notes that winning requires the right technology as well as a collaborative effort between law enforcement, product makers, and organizations.

The role companies play is pretty straightforward; Use state-of-the-art cybersecurity; if you’re attacked don’t pay ransom; if you have to pay, make the required reports to government and law enforcement agencies.

Keep in mind that new technology means enterprises are no longer completely devastated by data encryption, and remember that it’s not unheard of for victims to recover their ransomware payments.