Ransomware payments dropped to a record low of 28% of companies paying ransom in the first quarter of 2024 as more and more companies refused to pay extortion demands.
The figure was 29% in Q4 2023, and payments have been diminishing steadily since early 2019, Coveware, a cybersecurity company, said in a blog post.
Additionally, a decline of 32% quarter-over-quarter (QoQ) was reported in average ransom payments, while a 25% QoQ increase in the median ransom payment was reported.
The simultaneous drop in average and rise in median ransom payments indicate a decrease in high figure payments and an increase in moderate amounts, and could be caused by ransom demands becoming more modest and fewer high-value targets falling prey to ransomware attacks.
(For top technology news of the day, subscribe to our tech newsletter Today’s Cache)
The decrease in payments is being attributed to organisations implementing more advanced protection measures, mounting legal pressure to not pay ransoms and cybercriminals repeatedly publishing or selling stolen data despite being paid to not release it, and providing victims with a decryption key.
Action by law-enforcement agencies like the FBI also played a significant role in bringing down the number of attacks witnessed by organisations. The FBI recently disrupted the operations of a major ransomware gang that created a chain of disruptions in the operations of other major gangs. The disruptions further led to payment disputes and exit scams, further weakening the confidence of other ransomware gangs, many of which are now operating independently.
Many ransomware gangs have even quit cybercrime due to increased pressure from law-enforcement agencies and ramping up of security by organisations.
However, the dip in ransomware payments should not be taken as a sign of the weakening of operations by ransomware gangs. Many ransomware gangs are still operational with the FBI reporting that just one gang is responsible for breaches in 250 organisations, pocketing $42 million in ransom payments.
Remote access and vulnerability exploitation are being seen as the biggest avenues for ransomware attacks.
A ransomware is a type of malicious software that blocks the victim from accessing stored data by encrypting it. A ransom is then demanded from the owner in exchange for the decryption key.
Disclaimer: The copyright of this article belongs to the original author. Reposting this article is solely for the purpose of information dissemination and does not constitute any investment advice. If there is any infringement, please contact us immediately. We will make corrections or deletions as necessary. Thank you.
