Ransomware Attacks Decline But Number of Strains Doubled, Researchers Found


About half of victims who ponied up the ransom never got their data back.

Global ransomware attacks fell more than 70 percent in 2017, but the unique variations of ransomware doubled and half the victims who paid the hackers never got their data back, according to reports.

While massive ransomware attacks like NotPetya and WannaCry recently bombarded hundreds of countries around the world, the total number of attacks fell drastically, down from 638 million in 2016 to roughly 184 million last year, according to a recent report by the cybersecurity company SonicWall.

Though global incidents of malware rose more than 1.4 billion in 2017, researchers speculate the sharp drop in ransomware attacks is due to the fact that victims aren’t paying ransoms as much as in the past. The novelty of ransomware made such attacks lucrative when they first came on the scene, but they’ve lost value as security firms have developed more countermeasures to thwart the hacks in recent years.

The absolute number of attacks may be on the decline, but online bad actors are constantly developing new strains of ransomware to evade existing cybersecurity measures. SonicWall saw the number of unique ransomware signatures more than double in 2017, up to 2,855 varieties from 1,419 the year before.

The shift from quantity to quality in ransomware attacks “may mark a pivot point for threat actors,” researchers wrote. “They’ve exhausted the capabilities of standard ransomware and need a new approach as payouts are seemingly in decline.”

Still, nearly 40 percent of ransomware victims pay attackers to recover their data, and less than half actually get it back, according to CyberEdge’s 2018 Defense Report. Among those who didn’t meet hackers’ demands, almost 87 percent got their data back anyways, researchers found. The survey included nearly 1,200 IT specialists from around the world.

Spain, China and Mexico remain the countries most affected by ransomware, where between 70 and 80 percent of respondents said their organizations were hit with an attack. Just more than half of U.S. participants said they were victims of ransomware, and Germany stood as the least attacked country, with about 39 percent reporting an incident.