Companies aren’t paying ransoms like they used to
Add Axios as your preferred source to
see more of our stories on Google.
Fewer ransomware victims are paying up when faced with a ransomware attack, according to a new report from ransomware negotiation firm Coveware.
Why it matters: Malicious hackers are opportunistic and follow the money.
- If the money dries up in ransomware, they're likely to turn to other schemes.
By the numbers: 29% of organizations paid a ransom in the last quarter of 2023 to get their stolen data back and unlock their systems during a cyberattack, according to Coveware's report, released Friday.
- That's a completely different story from the 85% who were paying in the first quarter of 2019.
- The average ransom payment in the fourth quarter of 2023 was roughly $568,000 — a 33% drop from the third quarter.
Between the lines: Coveware attributes the drop last quarter to a few factors.
- Enterprise networks have built up better cyber defenses and have more data backups to help them recover quickly.
- More companies don't trust hackers to keep their promises and delete any stolen data.
The big picture: Ransomware has become a top cyber threat for all organizations — from the world's largest companies to small mom-and-pop businesses — over the last five years.
- Government officials have spent years trying to make a dent in the number of ransomware attacks targeting businesses, governments and other entities.
Yes, but: Ransomware hackers are known to be adaptable and will likely change their tactics to get more payments.
- Cybersecurity officials and industry experts believe ransomware is already an endemic issue.
Editor's note: This story has been corrected to show that 29% of organizations paid a ransom in the last quarter of 2023 (not 2024).
