3/9
  • Pages
  • Editions
01 Welcome to CRII
02 Intro: What is ransomware now?
03 The year ransomware declined (for some)
04 Trends: Attack Severity and Pay Ratio
05 Trends: 2023 Early Indicators
06 Trends: Targeted Industries
07 Industry Focus: Healthcare
08 Recent Vulnerabilities
09 Thanks for Reading

Ransomware Trends

2022: The year ransomware declined (for some) The storyline in 2022 was one of ransomware decline — at least in the frequency of successful attacks. That’s certainly the case when it comes to the Corvus book of business, as we can see a steep and steady decline in ransomware frequency beginning all the way back in Q1 2021, and extending through the first quarter of 2023. Looking at frequency averaged across the full years 2021 and 2022, we saw a 52% reduction, and a 62% decline from Q1 2021 to Q4 2022.

We know, however, that our own process of selecting of risk, which is continuously updated as threats evolve, as well as programs that mitigate risk among our existing pool of policyholders, combine to make a strong impact on these results. Does this decline hold up when looking at a larger pool of organizations?

One way to answer that question is with ransomware leak sites. Our threat intel team gathers data on the number of ransomware victims whose data is published on dark web marketplaces or leak sites as a proxy for threat activity.

Now, there are some reasons to view this data as only part of the picture: when a ransom is paid it’s much less likely for data to be published — that’s what the victim seeks to prevent — so it’s naturally an undercount of total attack activity. And data is not always exfiltrated in a ransomware attack; although exfiltration is an increasingly popular tactic, some attackers choose not to go through the effort of “double extortion” and simply encrypt systems for ransom. All that said, it’s a consistent set of data to view over time, revealing trends with far more reliability than sources that rely on self-reporting or a self-selected group of organizations, such as customers of a particular security product.

Looking at victims in the US each month of 2021 and 2022, we can see a noticeable decline from the peak months of 2021 to a more consistent, lower level in 2022. All told, in 2022 there was a 45% reduction in the total victims whose information was posted on the dark web (1,112 vs. 1,607). Combined with the 52% reduction in frequency found in the Corvus book of business, the data makes a strong case for a significant decline in ransomware in the US last year.

The narrative of decline has less potency when looking at the global picture. We noted in our last report that beginning with Russia’s invasion of Ukraine, the share of ransomware victims in the US began to shrink, while overall activity barely budged. Looking across a full year of data, that trend held up. While the US saw 45% fewer victims posted, there was just a 6% decline year-on-year looking at all countries together. And if we exclude the US from the group, we see a nearly 20% increase in ransomware in 2022 vs. 2021. Attackers hardly went into hibernation — they just avoided US targets.

Share with others!

Legal Disclaimer: This report is intended for general guidance and information purposes only. This report is under no circumstances intended to be used or considered as specific insurance or information security advice. Please consult your broker with respect to the information presented herein.

Continue ﹥