A report by Coveware, an incident response company, found that many companies are no longer willing to pay ransoms.
In late January, Coveware released a report documenting the average ransomware payments in Q4 2023. For companies that pay, the average ransom payment decreased by approximately 33% from Q3, averaging $568,705 in Q4. The median ransomware payment went unchanged between quarters, at $200,000.
Coveware believes the changes may be because smaller companies are now being targeted. Similarly, smaller ransomware groups are also reappearing.
Furthermore, the report found that only 29% of ransomware victims opted to pay a ransom in 2023 Q4, a record-low percentage. Coveware attributed this to two variables:
The report found the top ransomware variants in Q4 included Akira, Blackcat, Lockbit 3.0, and Play Ransomware. Some new variants have also entered the market, including Silent Ransom, Medusa, NoEscape, and Phobos. Overall, variants tended to be more diverse in Q4 than in other quarters.
Coveware found that most attacks occurred through RDP compromise, email phishing, or software vulnerability. Some attacks occurred internally or for unknown reasons.
Lastly, the report found that the median victimized company size was around 231 employees, which was a 32% decrease from the previous quarter. The industries hit the hardest continue to be Professional Services, Healthcare, Consumer Services, and the Public Sector.
Read more: New ransomware alert released for Play Ransomware
The data from Coveware can help companies predict cybersecurity trends to come. Refusal to pay has become hailed as a strong response against ransomware organizations, as it can lower the effectiveness of an attack.
As more companies begin to consider this, we may see a decrease in ransomware attacks.
Despite the new trend, many companies still agree to pay ransoms and it’s unlikely this will change. For some companies, paying a ransom can seem like the only way out.
Read more: Refusal to pay is the newest strategy to combat ransom attacks
Data like this can help organizations prepare for what may happen in the next quarter. More important, however, is how companies react to this information.
Many companies still need to improve their prevention and response measures. The best way to respond to an attack is to prevent it from occurring in the first place. Investing in strong software that can aid in ransomware prevention could save your organization significant money down the line.
Related: HIPAA Compliant Email: The Definitive Guide