Jan 30, 2024 - Technology

Companies aren’t paying ransoms like they used to

Data: Coveware; Chart: Axios Visuals
Data: Coveware; Chart: Axios Visuals

Fewer ransomware victims are paying up when faced with a ransomware attack, according to a new report from ransomware negotiation firm Coveware.

Why it matters: Malicious hackers are opportunistic and follow the money.

  • If the money dries up in ransomware, they're likely to turn to other schemes.

By the numbers: 29% of organizations paid a ransom in the last quarter of 2023 to get their stolen data back and unlock their systems during a cyberattack, according to Coveware's report, released Friday.

  • That's a completely different story from the 85% who were paying in the first quarter of 2019.
  • The average ransom payment in the fourth quarter of 2023 was roughly $568,000 — a 33% drop from the third quarter.

Between the lines: Coveware attributes the drop last quarter to a few factors.

  • Enterprise networks have built up better cyber defenses and have more data backups to help them recover quickly.
  • More companies don't trust hackers to keep their promises and delete any stolen data.

The big picture: Ransomware has become a top cyber threat for all organizations — from the world's largest companies to small mom-and-pop businesses — over the last five years.

Yes, but: Ransomware hackers are known to be adaptable and will likely change their tactics to get more payments.

  • Cybersecurity officials and industry experts believe ransomware is already an endemic issue.

Editor's note: This story has been corrected to show that 29% of organizations paid a ransom in the last quarter of 2023 (not 2024).

Go deeper