Ransomware payments hit record low

Father

Why are companies paying less and less ransom? Are hackers losing their grip?

In the first quarter of 2024, the share of companies that agreed to pay a ransom to attackers reached a record low of 28%. This data was provided by Coveware, a cybersecurity company. The comparison with the fourth quarter of 2023, when this figure was 29%, shows a slight decrease in payments, but this is still a new record.

The reduction in payments is due to increased security measures on the part of organizations, increased legal pressure on victim companies not to meet the financial requirements of intruders, as well as the violation by cybercriminals of their promises not to publish or resell stolen data after receiving a ransom.

Despite the decline in the share of payments, the total amount paid to attackers reached $1.1 billion last year. The reason was the increased number of attacks and demands for larger amounts for non-disclosure of stolen information and providing keys for decrypting data.

In the first quarter of 2024, Coveware sees a 32% drop in the average buyback amount, which now stands at $381,980, and a 25% increase in the median buyback amount, which has reached $250,000. This indicates a decrease in the number of large payouts and an increase in medium-sized payouts.

The main methods of initial penetration into target systems, according to the report, are remote access and exploitation of vulnerabilities, among which CVE-2023-20269, CVE-2023-4966 and CVE-2024-1708 were especially popular among cybercriminals.

The FBI noted the significant impact of the LockBit group disruption operation, which also caused problems for other large groups. In addition, the trust of affiliates in RaaS groups has greatly decreased, especially after the high-profile scandal with the ALPHV/BlackCat gang, which pulled off the so-called "exit scam" and embezzled millions of dollars that were extracted by one of its affiliates.

In this volatile environment, according to Coveware, the Akira ransomware gang tops the list of the most active groups in the number of attacks in the first quarter, taking first place for nine consecutive months. The FBI also recently reported that Akira was responsible for security breaches at at least 250 organizations, while receiving $42 million in ransom payments.
 