Ransomware scammers are targeting smaller businesses, partly because larger firms are refusing to pay up. Attackers are also more likely to threaten to expose data than in the pass.

The statistics come from security company Coveware, which sells ransomware response services. While precise figures should be taken with a pinch of salt, the company reports the average (mean) payout to ransomware scammers in the second quarter of 2022 was $228,125, up eight percent on the previous quarter. (Source: coveware.com)

However, it appears that's a case of a few major attacks distorting the average. The median payout almost halved to $36,360. That means that half of payouts were more than this and half were less.

Smaller Businesses Targeted

That fits with another statistic from the company: the median number of employees at a company hit by malware was a little over 100, down from well over 150 last quarter and nearly 250 as recently as late 2022.

It suggests a shift in focus with attackers more likely to target smaller companies and ask for smaller amounts, rather than pin their hopes on targeting a few major firms for big paydays.

It also seems the largest companies are now more likely to refuse to pay a ransom demand. That could be a shift in attitude, adopting the philosophy that any payout simply encourages future attacks.

Alternatively, it could be that larger companies are doing a better job of backing up data and putting together disaster recovery plans. It's also possible they've been discouraged by reports of ransomware scammers taking the money but then refusing to decrypt files as promised.

Blackmail Gets Nastier

The report also suggests an ongoing change of tactics by ransomware scammers. Historically they've concentrated on simply encrypting compromised data so that victims feel the pressure to pay a ransom to regain access to their files.

In recent years, ransomware scammers have begun adding a second layer to the blackmail: threatening to publish the compromised data, revealing sensitive information that could embarrass a company or destroy trust among its customers. Coveware says this tactic is now used in 86 percent of ransomware attacks. (Source: bleepingcomputer.com)

What's Your Opinion?

Are you surprised by these findings? Do you worry about ransomware in either a personal or business setting? Is it realistic to ask all businesses to refuse to pay ransoms in the hope of taking away the incentive for scammers?