It's been a busy year for ransomware, and attackers have a few new tricks up their sleeve. In their monthly review, Malwarebytes takes a look at ransomware developments so far and what we might see in the near future. And spoiler alert! There is also some rare, good news about ransom payments.

The beginning of the year saw the number of ransomware attacks at an expected low. But thanks to threat groups digging in, it gave way to an unusual 44% jump in just one month. Some of this rise may be due to ALPHV, a Russian-linked ransomware gang, relentlessly targeting the healthcare sector. It also includes their devastating attack on Change Healthcare, a major U.S. healthcare technology company.

No Honor Among Thieves

Ransomware victims are now being exposed to "follow-on" extortion where the ransomware attacks themselves are being exploited. These attacks involve fake "security researchers" offering their data recovery services to victims. For payment in Bitcoin, these crooks claim they can return hijacked data. Truth is, they have no ability to get a victim's data back and are looking for a quick Bitcoin infusion. At the moment, it's not clear if these actors are part of the ransomware attack plan or are simply opportunists looking for their own way to exploit victims.

Pay Up...Or Not

It appears ransomware victims aren't paying up like they used to. In fact, some say the long-time trend of quickly paying up to get data back and a business up and running again is actually reversing. In 2019, 85% of victims saw paying a ransom as their only choice. However, a Coveware report found only 29% of victims in the last quarter of 2023 paid ransoms, and ransom amounts are now smaller than ever before. One suggestion is increased media coverage leads businesses to take these attacks seriously, and that can lead to improved cybersecurity.

There's no crystal ball telling us what ransomware attacks will look like tomorrow, but we do have a few clues. Security basics like using MFA, anti-virus software, employee cyber education, limiting access privileges, and backing-up data are a must for ransomware prevention. But we also know attackers will continue looking for new ways to grow their crimes. Improved security and continued pursuit of these criminals make it more difficult and costly for ransomware gangs. Of course, continuing the non-payment trend is also encouraged. That much we do know.