Ransomware payments are falling as victims refuse to pay up

Lock on Laptop Screen
(Image credit: Future)

It’s getting harder for ransomware operators to get the victims to pay up, but once they do - they pay more than they did a year ago. 

A new report from Coveware claims that although the number of payments dropped, the value of the payments made rose.

It found the average ransom payment for the second quarter of the year was $228,125, up 8% compared to the quarter before. At the same time, the median ransom payment was “just” $36,360, which is a drop of more than half (51%), compared to Q1.

Targeting smaller firms

This change doesn't appear to be a one-off, but a trend that started in the fourth quarter of 2021, when payments were at their highest (average was $332,168, and median was $117,116).

“This trend reflects the shift of RaaS affiliates and developers towards the mid-market where the risk to reward profile of attack is more consistent and less risky than high profile attacks,” the report reads. 

“We have also seen an encouraging trend among large organizations refusing to consider negotiations when ransomware groups demand impossibly high ransom amounts.”

The change could also be due to the fact that ransomware operators set their sights on a different kind of business. They’re now targeting smaller, but financially stable organizations, Coveware added. When it comes to most active families, there had been no significant changes, with BlackCat still topping the list with 16.9% of all known attacks. With 13.1%, LockBit was second. 

Their tactics have not changed much, either, as double extortion attacks (encryption + data theft and the threat of leaks), being the most popular method. Almost all incidents (88%) included both data encryption and theft. 

Coveware also reiterated what experts have been saying all this time - paying does not pay, as in many cases, threat actors continued the extortion, or leaked the stolen files despite being paid. 

The average downtime that came as a result of ransomware attacks dropped by 8%, to 24 days, compared to Q1.

Via: BleepingComputer

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.