Ransomware victims who pay subsidise future attacks

Although only 10% of ransomware victims pay their extorters, doing so is enabling attacks on numerous other organisations, according to research from Trend Micro.

A new report published by the company found that victims who pay a ransom are covering the operational costs for those who refuse to, with each payment to ransomware attackers subsidising nine further attacks.

Some ransomware attacks are more lucrative for the culprits than others, with rates of ransomware payments for LockBit- and Conti-based attacks growing to 16%, compared to only 8% for the DeadBolt ransomware.

Trend Micro attributes the variations to different attack methods, with the LockBit and Conti ransomware groups having a history of highly targeted attacks.

Those victims who do pay up are most likely to pay pretty quickly after a successful attack, Trend Micro said. A survivor analysis of the DeadBolt ransomware found that over 50% of successfully extorted victims paid within 20 days, with 75% paying within 40 days.

But paying a ransom often only results in driving up the overall cost of the incident rather than sparing victims the consequences of the attack.

The study also found that ransomware monetisation activities are at their lowest in January and July–August, suggesting that defenders may want to use these times to rebuild infrastructure and prepare for future threats.

Image credit: iStock.com/Just_Super