In the first quarter of 2024, only 28% of companies affected by ransomware attacks chose to pay the ransom, a record low. This decrease, noted by cybersecurity firm Coveware, continues a trend of diminishing payments that began in early 2019. Despite the declining payment rate, the impact of ransomware attacks remains substantial, with total payments to ransomware actors reportedly reaching $1.1 billion last year. The trend suggests that while fewer companies are willing to meet ransom demands, those that do are paying higher amounts due to increased demands by ransomware gangs.
The drop in ransom payments is attributed to several factors, including enhanced cybersecurity measures by organizations, increased legal pressure against paying ransoms, and growing distrust of ransomware operators, who frequently fail to uphold promises not to publish or resell stolen data. Additionally, law enforcement efforts, such as the FBI’s disruption of the LockBit ransomware operation, have introduced instability and mistrust within ransomware circles, leading to disputes and the collapse of some ransomware groups.
The first quarter of 2024 also saw a shift in the ransom payment landscape. According to Coveware, there was a 32% quarter-over-quarter drop in the average ransom payment, which now stands at $381,980, alongside a 25% increase in the median ransom payment, now at $250,000. This indicates a decrease in high-figure ransom demands and an increase in more moderate demands, suggesting a strategic adjustment by ransomware groups possibly in response to the increasing reluctance to pay.
Ransomware remains a critical threat. Coveware reports that common initial infiltration methods include remote access and exploitation of vulnerabilities, with specific CVEs mentioned as widely exploited in the recent quarter. Although some affiliates are moving away from ransomware-as-a-service (RaaS) models to operate independently or even exit cybercrime, new threats continue to emerge. Akira, for instance, has become the most active ransomware, responsible for breaches in at least 250 organizations and amassing $42 million in ransom payments, underscoring the evolving and persistent nature of ransomware threats.