For years, ransomware gangs have terrorized companies, schools, and hospitals, but in a sign of progress, more victims are refusing to give in to the ransom demands.
In Q4, the proportion of victims that paid to free themselves from a ransomware attack declined to a record low, at only 29%, according to Coveware, a cybersecurity provider that helps companies fend off ransomware assaults.
Q4 also wasn’t a one-off. Coveware’s data shows a growing trend of more companies refusing to pay that began about three years ago, when around 60% gave in to ransomware demands.
As for why, Coveware says the entire industry has become more adept at responding to a successful ransomware incident. Normally, these attacks can encrypt entire fleets of computers while also looting confidential information. However, Coveware notes that many companies are able to recover from a ransomware attack using their own backups.
In addition, more victims are realizing that paying a ransom offers no guarantee that the looted data will ever be erased. Instead, it could be secretly traded to other cybercriminal groups. At the same time, the ransomware gang could use the looted data to help it target the victim again.
Coveware adds: “The industry continues to get smarter on what can and cannot be reasonably obtained with a ransom payment. This has led to better guidance to victims and fewer payments for intangible assurances.”
On the downside, ransomware gangs continue to extract a large amount of funds from victims who do pay up. In Q4, the average ransomware payment reached $568,705, up from $408,644 a year ago. At the same time, the number of data breaches in 2023 reached a new record high, involving 3,205 publicly known compromises, according to the Identity Theft Resource Center.
Coveware publishes the data as the company is urging the industry to establish a stronger united front to take down the ransomware scourge. This includes collaborating with law enforcement over the long term, rather than merely asking them for assistance during a ransomware attack.
“We would estimate that less than 10% of those same (ransomware) victims, when contacted by law enforcement for further assistance in the months and years afterwards, actually continue to collaborate,” Coveware says. “This lack of follow through badly hamstrings law enforcement bodies as they can not bring investigations to a close without collecting proper evidence from victims.”
According to Coveware’s data, most victims hit with ransomware are small to medium businesses with an employee headcount lower than 1,000 people.