Ransomware Attacks, Payments Declined In 2022: Report

Mandiant disclosed that it responded to fewer ransomware attacks last year, while CrowdStrike reportedly found that the average ransom demand fell in 2022.

ARTICLE TITLE HERE

Prominent incident response firm Mandiant disclosed Tuesday that it responded to 15 percent fewer ransomware incidents last year.

The statistic was first reported by the Wall Street Journal. Mandiant, which is owned by Google Cloud, confirmed the stat in an email to CRN.

The WSJ report also included several other indicators that 2022 was a less successful year for ransomware.

id
unit-1659132512259
type
Sponsored post

[Related: Mandiant: 79 Percent Of Cybersecurity Decisions Ignore Threat Intelligence]

Cybersecurity giant CrowdStrike told the outlet that the average ransom demand dropped 28 percent last year, to $4.1 million, from $5.7 million the year before. The firm reportedly pinned the decline on factors including the arrests of ransomware gang members and other disruptions to the groups last year, as well as the drop in the value of cryptocurrencies such as Bitcoin. CrowdStrike confirmed the stat to CRN.

As additional evidence, blockchain data platform Chainalysis told WSJ that ransomware payments that it tracked in 2022 fell by 40 percent to $457 million. The figure was initially disclosed in a recent blog post by the company.

“The trend is clear: Ransomware payments are significantly down,” Chainalysis said in the post.

For managed service providers, the reported drop in ransomware is a welcome sign, given that overall security obligations keep rising and talent in the field remains hard to come by.

“The overall trend is that our responsibilities just keep climbing,” said Michael Kamen, founder and CEO at Edge Solutions Group, a Santa Monica, Calif.-based MSP. “The level of vigilance that we have to have in place, and the constant need to educate the clients, is just increasing.”

Ransomware is certainly not going away though, as evidenced by recent attacks such as the ESXiArgs ransomware campaign that compromised thousands of VMware ESXi servers in Europe and North America this month.