Ransomware is still running rampant, with several major incidents in the past week alone, but according to analysis by cybersecurity company Coveware, there are signs that recent changes could reduce the total number of ransomware attacks.  But while the number of attacks could fall, there’s the possibility that the ransom demands made by successful ransomware groups could rise.  SEE: A winning strategy for cybersecurity (ZDNet special report) A number of developments are likely to have improved cybersecurity of enterprises, making them more robust against attacks. These developments include the Biden administration’s executive orders across US government agencies, the Colonial Pipeline bringing ransomware to the forefront of CEO’s minds, and moves by cyber-insurance providers to require improved cybersecurity protocols before a policy is taken out or renewed.  But it’s the rise in arrests relating to involvement in ransomware attacks that is cited as the biggest change to the ransomware landscape, with the arrest of several suspected REvil ransomware affiliates in Russia described as the most notable.  According to analysis by Coveware, this move has increased the risk profile of being involved with ransomware attacks, and thus decreases the pool of cyber criminals, because some will decide the potential for being arrested and extradited isn’t worth the risk – to the extent that some are quitting.   “The cost and risk of executing ransomware attacks are up, and if this trend continues, we expect to see the aggregate volume of attacks begin to decrease,” said researchers.  However, while a decrease in the number of attacks would be a positive overall, it could potentially come with an unwelcome side effect – the cost of ransom demands going up, particularly for less high-profile victims.  SEE: Ransomware: Is the party almost over for the cyber crooks?  According to Coveware, the average ransom payment during the final three months of 2021 was $322,168, more than double the figure of the previous quarter.  This rise comes following what researchers describe as a “tactical shift” towards targeting companies that are large enough to pay significant ransom amounts but are small enough that the attackers don’t have to spend a lot of time and effort on preparing and launching the attack. Researchers warn that this shift in tactics is likely to continue, citing an interview with a LockBit ransomware affiliate as detailing the mindset behind the change.   “You can hit the jackpot once, but provoke such a geopolitical conflict that you will be quickly found. It is better to quietly receive stable small sums from mid-sized companies,” they said. 

MORE ON CYBERSECURITY

White House confirms person behind Colonial Pipeline ransomware attack nabbed during Russian REvil raidRansomware attackers targeted this company. Then defenders discovered something curiousThis company was hit with ransomware, but didn’t have to pay up. Here’s how they did itRansomware: It’s only a matter of time before a smart city falls victim, and we need to take action nowCrooks are selling access to hacked networks. Ransomware gangs are their biggest customers