Extorted money on ransomware campaigns dropped for 2022

Extortion Ransomware Cyberattack Campaigns 2022 Double Extortion Data Leak

Statistical studies on ransomware incidents show that the value of extorted money from victims has dropped for the second quarter of 2022. The analysts also added that these findings were first noticed in last year’s fourth quarter.

Despite the ransomware actors increasing their average ransom payments, more and more victims refrain from paying, thus resulting in a significant drop in the value of extorted money from them.

Based on statistics, the second quarter of 2022 has an average ransom payment of $228,125, which is an 8% rise compared with the first quarter. Although, analysts stressed that the median ransom payment of $36,360 was a critical decline of 51% compared with Q1.


Another factor that resulted in the drop of extorted money from ransomware campaigns includes threat groups targeting smaller organisations with healthy financial standing.


As observed, the analysts explained that the trend was reflected when ransomware affiliates shifted their focus towards the mid-market – a less risky and more consistent target than high-profile attacks. Moreover, larger firms victimised by ransomware tend to refuse more to pay a ransom, especially with how impossibly high the monetary requests of the attackers are.

The analysts added that ransomware groups establishing smaller RaaS (Ransomware-as-a-Service) operations from dismantled old threat groups also contributed to the observed drop in the extortion value. These smaller RaaS operations often perform low-scale opportunistic attacks that are less likely to be effective against victims.

One of the most active ransomware groups recorded for 2021’s first quarter was BlackCat, with 16.9% attacks reported, and LockBit, with 13.1% attacks reported.

Double extortion, a method in which ransomware groups threaten victims to leak their files before encrypting them, was also seen by researchers as an active campaign for 2022’s second quarter, with 86% of reported cases.

Many threat groups have been observed still leaking the stolen data of their victims despite the targeted organisations paying the ransom request. Thus, the analysts believe that the companies’ bit of trust left towards threat groups has lessened, leading to denying to pay anymore.

Still, ransomware groups are less probable to stop their campaigns. Organisations worldwide have always been advised to stay cautious and to enhance their cybersecurity measures to prevent attacks.

About the author

Leave a Reply