Researchers said cybercrime syndicates’ earnings have seen a 40% drop due to victims’ increasing refusal to pay hackers.
Cryptocurrency experts at Chainalysis say that cyber gangs earned about $457 million by extorting victims in 2022, which is $311 million less than the previous year.
The real numbers are likely to be higher, but experts agree that the number of victims willing to pay ransoms is declining.
But despite the decrease in gains, the number of cyber attacks is increasing.
Companies, governments, schools and even hospitals around the world regularly fall victim to hackers who lock employees out of their IT systems and demand payment, usually in Bitcoin.
Hackers often threaten to publish or sell stolen data.
Many of the gangs are believed to be based in Russia, although Russian officials deny that Russia is a haven for these groups.
Analysts at Chainalysis track money flowing in and out of Bitcoin wallets known to be owned by ransomware gangs.
The researchers expect that the proceeds of crime are much higher than what they can see, because hackers are likely to use other wallets as well.
However, the company says the trend is clear: payments have fallen dramatically.
Bill Siegel of Coveware, a firm that specializes in negotiating with hackers, says his clients are becoming increasingly reluctant to give in to hackers, who can demand millions of dollars.
In 2022, 41% of his customers paid a ransom, compared to 70% in 2020, he says.
No government has made it illegal to pay ransoms to hackers, but cyber experts believe that US sanctions against hacker groups, or those with links to Russia’s Federal Security Service, have made paying some groups legally risky.
“We refuse to pay a ransom if there is even the slightest hint of a connection to a sanctioned entity,” Siegel said.
Other factors may be at play, including increased awareness of ransomware leading to improved cyber security in organizations.
“Hackers definitely find it more difficult to get paid for attacks,” said Brett Callow, a researcher at cybersecurity firm Emsisoft.
He added that companies are getting better at protecting backups of their data, which has reduced their need to pay hackers to restore them.
“As the attacks become so common, they become less of a disservice to companies, which makes them less likely to be paid to cover up the incident and keep it out of the news.”