Even though ransomware groups extorted at least $457 million from victims last year—$311 million less than 2021—cryptocurrency experts at Chainalysis recently reported that cybercrime gangs have had a 40% drop in earnings as victims are refusing to pay ransoms.

While the true figures are likely to be higher, as victims refusing to pay the ransom, experts said there has been a drop in criminal revenue. However, the number of attacks is rising.

Bill Siegel, of Coveware—which specializes in negotiating with hackers—echoed the claim of Chainalysis that the trend of ransomware payments has reduced significantly as his clients are becoming increasingly reluctant to pay the hackers. He added that compared to 70% in 2020, only 41% of his clients’ paid ransoms in 2022.

“Ransomware attacks are a persistent threat to organizations around the world with attacks happening on a nearly daily basis. Ransomware attacks have gone beyond fear and disruption to become a profit-making business pursuit. Ransomware crews typically ramp up pressure on firms to transfer funds in cryptocurrency, such as Bitcoin, to an anonymous digital wallet. Even aggressive extortionists have built a complete business model: subscribing to ‘Ransomware as a Service (RaaS)’.

“With payments mostly in cryptocurrencies and cyber criminals working as a global syndicate sharing profits, double charging victims for data recovery and data secrecy, RaaS is a very organized crime business,” said Amit Jain, EVP and Global Head, Cybersecurity & GRC Services, HCLTech.

According to the BBC, no government has made it illegal to pay ransoms, but Siegel is among other cyber experts who think that US sanctions against hacker groups, or those with links to Russia’s Federal Security Service, have made paying some groups legally risky.

“We refuse to pay ransoms if there’s even a hint of connection to a sanctioned entity,” Seigel told the BBC.

Rising awareness leads to improved cybersecurity

“Hackers are definitely finding it harder to get paid for ransomware attacks,” said Brett Callow, threat researcher at cybersecurity company Emsisoft, adding companies have become better at protecting their backups, reducing their need to pay hackers for recovery.

However, the Global Cybersecurity Outlook 2023 report released in the World Economic Forum earlier this week mentioned that worldwide geopolitical instability has exacerbated the risk of catastrophic cyberattacks in coming years.

According to the report—the findings of which were based on surveys, workshops and interviews with over 300 experts and executives—more than 93% of cybersecurity experts and 86% of business leaders believe “a far-reaching, catastrophic cyber event” is likely in the next two years.

Even though rising awareness among organizations is leading to improved cybersecurity, approximately 34% revealed that they lacked some skills in their team with 14% said they lacked critical skills.

In key sectors such as energy utilities, nearly 25% of cybersecurity experts said they lacked the necessary critical skills to protect their organizations’ operations, the WEF statement said.

Despite challenges, organizations are improving cyber resilience and the current landscape is making them reevaluate the countries in which their organizations do business.

“As global instability increases cyber risk, this report calls for a renewed focus on cooperation. All stakeholders from public and private sectors who are responsible for our common digital infrastructure must work together to build security, resilience and trust,” said Jeremy Jurgens, Managing Director of WEF, in the release.

Attacks on the rise

Despite the drop in revenue, researchers from cybersecurity firm Fortinet found that more than 10,000 unique types of the malicious software were active in the first half of 2022.

Hackers are also adopting AI-ML techniques to improve the scale and variety of their cyberattacks.

“From ransomware and supply chain attacks to Distributed Denial of Service (DDoS), cybercrime has become more organized and more sophisticated with the rise in Artificial Intelligence. Cyberattacks can be devastating to governments and enterprises with the use of AI, especially.

“There has been an increase in cybercriminals using AI and ML to hide behind an organization’s infrastructure before attacking. Some of the new attack methods include creating deepfake data, building better malware, stealth attacks, AI-supported password-guessing, weaponizing AI frameworks for hacking vulnerable hosts and ML-enabled penetration testing tools,” said Renju Varghese, Fellow & Chief Architect, Cybersecurity & GRC Services, HCLTech, on Monday.

Work in smaller groups

After alleged members of the REvil gang were arrested around the world in a global police operation in November 2021 and the Darkside gang was taken offline in June 2021, many criminals gangs have been forced to work in smaller groups.

Russian officials have time and again denied the country is a “haven for the criminal groups”, but experts believe many ransomware crews are based in Russia.

“While big-game hunting may have gotten more challenging, it is still rewarding,” said Jackie Burns Koven, head of cyber-threat intelligence at Chainalysis and warned that ransomware is still extremely profitable and smaller-sized organizations should be even more vigilant as hackers spread their net wider in an effort to be paid.

Zero Trust

Increasingly, organizations are turning to AI to bolster their cybersecurity defenses. With the rise in the AI threat and other cybersecurity weaknesses, Zero Trust Network Access (ZTNA) has also experienced similar growth to AI-based security products.

According to Gartner, at least 70% of new remote access deployments will be served mainly by ZTNA instead of VPN services by 2025 — up from less than 10% in 2021.

In the age of Zero Trust, providing access only to segmented networks and enforcing least privilege access is key to securing environments. A zero-trust strategy treats everyone as an outsider.

An Acumen Research and Consulting report highlighted that the global AI-based security products’ market reached $14.9 billion in 2021 and is predicted to grow to $133.8 billion by 2030.

HCLTech’s fortified walls

Ransomware has proven to be both extremely prevalent and effective at disrupting business in today’s technology landscape. The greater scale of today’s environments and the vast expansion of a remote workforce has made it increasingly difficult to prevent this rising threat.

HCLTech’s Fortius cybersecurity consulting has Forrester Research certified zero-trust strategists who help end user organizations better understand this approach, identify gaps in existing security posture and provide industry-best practices. HCLTech has been offering cybersecurity and governance services for the past 25 years.

Case study: A globally renowned organization engaged in healthcare, assistance, safety, and emergency services across most areas of Europe. The client wanted to ensure robust security of their web applications to prevent unauthorized access and data breaches. HCLTech deployed its vulnerability assessment, web application scanning framework, penetration testing, and dynamic application security testing services.

HCLTech experts with a vast range of industry experience and insights, review existing implementations, security platforms, and strategies, thereby providing detailed reports on findings, feedback, and suggestions, tailored to your business, on how to improve your ransomware readiness, response and recovery.