Companies are paying significantly less to data-stealing programs

In the last quarter of 2023, there was a significant decline in the number of data-stealing ransomware victims who decided to pay a ransom, to a record low of 29%, according to Coveware, a cybercrime negotiation company, writes Bleeping Computer. This trend, which began to emerge in mid-2021, reflects the growing reluctance of victims to comply with cybercriminals’ demands, compared to the 85% payout rate seen in early 2019.

The percentage of payments to data-stealing programs decreased significantly in Q4 2023. Source: Coveware

Coveware attributes this decline to several factors, including improved preparedness of organizations for such cases, decreased trust in cybercriminals’ promises not to publish stolen data, and legal pressure in countries where ransom payments are considered illegal. Interestingly, even in cases of data theft, the payment rate dropped to 26% in the last quarter of 2023.

The average ransom payment has also declined: in Q4 2023, it dropped by 33% to $568,705, while the average payment was $200,000. This decline in payment size coincides with a shift in the size of organizations targeted by ransomware, reversing a trend that began in Q2 ’22 when attackers began to focus on larger organizations in anticipation of lower payment rates.

Despite the global threat posed by ransomware, the decline in ransomware cases is a positive development, indicating that collective efforts to combat this threat are paying off.