No One Cares About Ransomware
Except us...and Ransomware Groups
Did you know that ransomware attacks against schools are up significantly for the first quarter of 2025?
They are. How about healthcare providers? Those attacks also increased significantly in the first quarter of 2025.
By almost every estimate that I’ve seen, ransomware attacks are up across the board in the first quarter of 2025.
NO. ONE. CARES.
I mean, you do; you’re reading this. But, for the most part no one cares and I am trying to figure out why that is. I’ve talked about ransomware fatigue in the Board Room before, but this is different. Even reporters who normally write about ransomware aren’t writing about incidents with the frequency they used to. I’ve even had several reporters tell me that CL0P has complained no one is covering their Cleo exploit and subsequent data leaks.
I think the problem is one of the attention economy [PDF]. There is a A LOT happening now, and there is a lot of bad happening now. It’s hard to draw people’s limited attention to ransomware when there is so much new badness every day.
To some extent ransomware as always thrived by being able to manipulate the attention economy, but this is especially true since 2019 and the advent of data leak sites. By dripping data leaks slowly and, often salaciously, ransomware groups have been able to command the attention of reporters and researchers. But, it’s hard to compete with a random dude dropping Oracle credentials or the Chinese government infiltrating most major US telecoms or, well, everything.
Ransomware groups have been masterful at controlling the attention economy, but their power to do so is fading. Unless there is a new equivalent to Colonial Pipeline or United Healthcare ransomware attacks will continue to get less attention and that may have an unintended consequence.
You see, despite ransomware attacks being up this quarter, all signs point to the number and amount of ransomware payments being down. The same is true for last year, more publicly reported ransomware attacks but less money being paid to ransomware groups. If attacks continue to get less attention there may be even less incentive for victims to pay, especially as encryption falls out of favor for many ransomware groups.
Could the end of ransomware really be as simple as ignoring the threat actors? One can only hope.