While ransomware attacks remain highly dangerous, data from a prominent insurer suggests that their frequency and severity is beginning to decline. Credit: Huawei Ransomware attacks began to become both less common and less costly in the first half of 2022, as payments to attackers and the number of attacks that resulted in paid ransoms both shrank, according to new data released today by cyberinsurance company Coalition.After increasing sharply at the outset of the pandemic, the frequency of ransomware claims made by Coalition policyholders shrank sharply during the first six months of the year, dropping from a peak of 0.66% of all policyholders in the second half of last year to 0.41% in early 2022—a figure lower than the initial 0.44% seen in 2020’s second half, when the COVID crisis was at its height.Part of the reason for this decline, according to the Coalition report, is the growing prevalence of offline backup systems at major companies, which means that more ransomware targets can simply restore their data without having to engage with their attackers. Additionally, the company said, outside sources like recovery services provider Coveware and Verizon indicate that the average size of a ransomware payoff has declined precipitously in recent months.Strategy of ransomware groups evolveIt’s important to note, however, that the organized groups behind many of the most prominent ransomware attacks have constantly evolving strategies, Coalition said. “Over the last three years, cyberattacks have evolved into a viable criminal business model with threat actor groups such as Conti, Lockbit, and Hive continuing to make headlines,” the report said.Moreover, one of those evolutions seems to be a shift toward targeting smaller businesses, which are often less able to cope with the consequences of ransomware attacks. The average cost of a cyberincident claim for a small business in the first half of 2022 was $139,000—a hefty sum for a small company. “Cyberincidents have the power to put very small organizations out of business,” Coalition warned.Gartner senior director analyst Jon Amato agreed that, while ransomware is somewhat in decline, it remains a “profit center” for cybercriminals, and is still a critical danger to vulnerable organizations.“Tamper-resistant backups and better detection methods have helped here, as have legislative solutions banning or strictly regulating ransom payment,” he said. “In addition, many organizations (both in the public and private sectors) have simply taken the position that they will not pay under any circumstances.”Amato noted that related attack techniques, which don’t rely on completely locking victims out of their systems, can be more difficult to deter with purely technical solutions.“For example, data exfiltration and the threat of sensitive data disclosure is becoming an increasingly prevalent attack technique, which can in some cases make having good backups and recovery processes irrelevant to the pay/no-pay decision,” he said. Related content news Apple patches info-stealing, zero day bugs in iPads and Macs The vulnerabilities that can allow the leaking of sensitive information and enable arbitrary code execution have had exploitations in the wild. By Shweta Sharma Dec 01, 2023 3 mins Zero-day vulnerability feature The CSO guide to top security conferences Tracking postponements, cancellations, and conferences gone virtual — CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to you. By CSO Staff Dec 01, 2023 6 mins Technology Industry IT Skills Events news Conti-linked ransomware takes in $107 million in ransoms: Report A ransomware campaign linked to the ostensibly defunct Conti malware group has targeted mostly US businesses, in a costly series of attacks. By Jon Gold Nov 30, 2023 4 mins Ransomware news Okta confirms recent hack affected all customers within the affected system Contrary to its earlier analysis, Okta has confirmed that all of its customer support system users are affected by the recent security incident. By Shweta Sharma Nov 30, 2023 3 mins Data Breach Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe