An incident response firm recently reported that the percentage of organizations opting to pay extortion after falling victim to ransomware has hit an unprecedented low of 25%. Coveware, the incident response firm, gathered this data from numerous cases it worked on during the final quarter of last year, compared to a third of organizations that paid out during the previous quarter.
The decline in ransom payments can be attributed to several factors, including enhanced cybersecurity defenses, improved business resilience through stronger backup and recovery capabilities, and organizations choosing not to give in to cybercriminal demands. Additionally, the crackdown on high-profile ransomware groups and their cybercrime operations by law enforcement has played a significant role in deterring victims from paying ransoms. The unmasking and trolling of operators and affiliates by police have disrupted the psychological shakedown tactics employed by these criminals, undermining their ability to intimidate victims into paying.
As a result of these collective efforts, the median ransomware payment dropped by 45% towards the end of last year, from $200,000 to $110,890. Despite this decline in ransom payments, cases involving data exfiltration have seen an increase, rising from 76% to 87% in the final quarter of 2024. This indicates a shift in tactics by attackers who are now resorting to stealing and exfiltrating data as a means to generate profits.
Although there has been a rise in cases where victims pay ransoms for promises to delete stolen data, security experts continue to advise against such actions. Criminals have a notorious track record of not honoring their promises, and victims often end up with compromised data despite making payments. Therefore, payments should only be considered as a last-resort option when there are no other means to recover critical data.
Furthermore, the validity of ransomware as a profitable business model for cybercriminals has been weakened by these efforts to deter payments. While ransomware groups continue to innovate and evolve, leveraging technologies like AI and social engineering to enhance their attacks, law enforcement agencies and cybersecurity experts remain vigilant in combating these threats.
Ransomware attacks have evolved to target various vulnerabilities, with phishing and remote access compromise being the predominant vectors for cybercriminals. Encryption remains a prevalent tactic in ransomware attacks, with attackers increasingly targeting ESXi hypervisor file systems. Groups like Akira, Fog, and others have been identified as key players in ransomware attacks, with Akira notably avoiding market fluctuations and maintaining a low profile in the healthcare and critical infrastructure sectors.
In conclusion, the decline in ransom payments and the increased efforts to combat ransomware attacks signal a positive trend in the fight against cybercrime. While cybercriminals continue to adapt their tactics, organizations and law enforcement agencies alike are stepping up their efforts to protect against ransomware threats and safeguard critical data.