Ransomware payments have reached a record low of 28% of companies paying ransom in the first quarter of 2024. This figure represents a significant drop from the 29% reported in Q4 2023 and continues a steady decline since early 2019, according to Coveware, a cybersecurity company.
In addition to the overall decrease in payments, Coveware reported a 32% quarter-over-quarter (QoQ) decline in average ransom payments. However, the median ransom payment increased by 25% QoQ. This suggests that high-figure payments are decreasing, while moderate ransom demands are becoming more common. This could indicate that ransom demands are becoming more realistic, targeting smaller organizations or seeking smaller ransom amounts.
Several factors have contributed to the decrease in ransomware payments. Organizations are implementing more advanced protection measures, deterring attacks and making it harder for attackers to encrypt data. Legal pressure is also mounting, with governments and law enforcement agencies cracking down on ransomware gangs and encouraging victims not to pay. Cybercriminals have also damaged their reputation by repeatedly publishing or selling stolen data despite receiving payment, leading to a loss of trust among potential victims.
Law enforcement agencies, such as the FBI, have played a crucial role in disrupting ransomware operations. The FBI recently disrupted a major ransomware gang, leading to a chain reaction that weakened other gangs and caused payment disputes and exit scams. This has further eroded the confidence of ransomware gangs, many of which are now operating independently. Additionally, increased pressure from law enforcement agencies and enhanced security by organizations have led many ransomware gangs to abandon cybercrime altogether.
Despite the decline in payments, cybersecurity experts caution against complacency. Ransomware gangs remain active, and the FBI reported that just one gang is responsible for breaching 250 organizations and pocketing $42 million in ransom payments. Remote access and vulnerability exploitation are still major avenues for ransomware attacks, and organizations must remain vigilant in implementing security measures and educating employees about phishing and social engineering tactics.