According to reports from ransomware incident response firm Coveware and cyber insurance provider Corvus, the percentage of organizations paying ransoms has reached a record low, with only 29% of victims opting to pay during the last quarter of 2023. This downward trend reflects a broader reluctance among organizations to accede to ransom demands, marking a potential setback for ransomware operators.
Several factors contribute to the decline in ransom payments, including heightened awareness among organizations regarding the ineffectiveness of paying for “intangible promises” made by cybercriminals. Experts emphasize that such promises, including assurances of data deletion, lack credibility and often result in further extortion attempts. Additionally, improved guidance for ransomware victims and the proactive intervention of law enforcement agencies, particularly the FBI, have played a pivotal role in dissuading organizations from paying ransoms.
Enhanced business resilience capabilities further bolster organizations’ resistance to ransomware attacks, with many entities increasingly able to recover from incidents without resorting to decryption tools. The importance of robust backup systems is underscored, as organizations with recoverable backups are significantly less likely to pay ransoms. Despite the decline in ransom payments, the ransomware threat remains prevalent, with millions of dollars’ worth of cryptocurrency still flowing to cybercriminals annually.
The median ransom amount remains steady at $200,000, while the average payment has declined by 33% to $569,000, a drop attributed to fewer cybercriminal groups targeting larger organizations for hefty ransoms.