The declining number of ransomware victims who opt to pay a ransom is a positive sign in the ongoing battle against cybercrime. According to a report from ransomware incident response firm Coveware, during the final quarter of 2023, an average of 29% of organizations hit by ransomware paid a ransom. This represents a notable decrease from previous years, and it’s a trend that’s being mirrored by cyber insurance provider Corvus, which reported that 27% of its policyholders paid a ransom in the same time period.
These statistics are a stark contrast to figures from past years, as the following list shows:
– In 2019, 76% of victims paid the ransom
– In 2020, 70% of victims paid
– In 2021, 50% of victims paid
– In 2022, 41% of victims paid
– In 2023, only 29% of victims paid
The decrease in the willingness of ransomware victims to pay can be attributed to several factors. First and foremost, organizations are becoming more informed about the tactics used by ransomware groups. Coveware notes that fewer victims are falling for the promises made by criminals, such as assurances that stolen data will be deleted. The reality is that there’s no evidence to suggest that these promises are ever fulfilled, and victims are increasingly aware of this fact.
Additionally, recent revelations have exposed the fraudulent activities of certain ransomware groups, which has further eroded victims’ willingness to pay. The emergence of groups that falsely claim to have stolen data from high-profile organizations, coupled with the realization that even if data is leaked, the impact may be significantly less than the demanded ransom, has led to a more informed approach from potential victims.
Furthermore, the assistance provided by authorities, such as the FBI, has played a key role in dissuading organizations from paying ransoms. The FBI’s rapid on-site victim assistance and effective communication have helped to alleviate the fear that is often the driving force behind ransomware payments.
In line with this trend, organizations have also bolstered their resilience capabilities, making them less reliant on paying ransoms for data decryption. Many companies impacted by ransomware are now able to recover from incidents without the need for decryption tools, and the presence of recoverable backups has made victims significantly less likely to pay the ransom.
It’s important to note that while the number of victims paying ransoms has decreased, the amount of money being paid to these criminals is still substantial. The median ransom amount paid by a victim remained steady at $200,000, and the average payment declined by 33% to $569,000. However, this decrease in the average payment can be attributed to fewer groups pursuing “big game hunting” – targeting larger organizations in pursuit of larger ransoms – due to the improved resilience capabilities of these organizations.
Overall, the declining number of ransom payments is a positive development in the fight against cybercrime. It represents a shift in victim behavior and a growing awareness of the tactics used by ransomware groups. While the battle is far from over, any progress that reduces the flow of funds to cybercriminals is a step in the right direction.