Ransomware payments are declining as more victims refuse to pay

Coveware data shows that the average payment decreased by 34% to £112,800 in the fourth quarter of 2020

The average ransom payment to hackers decreased by more than a third in the fourth quarter of 2020 as more victims opted not to pay up.

That’s according to cyber security company Coveware, which found a sharp decline in the average and median payments that ransomware victims paid to attackers.

Coveware’s data, gathered from ransomware incidents the company helped companies respond to in Q4 2020, showed that average ransomware payments decreased by 34% to $154,000 (around £112,800) while median payments dropped 55% from $110,532 (£81,000) to $49,450 (£36,000) over the same period.

The findings indicate a reversal of a trend that saw average ransom payments steadily increase since at least Q4 2018. There was even an increase between the first and third quarter of last year, with average payments increasing from $111,605 (£81,000) to $233,817 (£171,000).

Coveware’s data also showed that fewer organisations gave in to cyber extortion demands if they had a chance to recover data from backups during the final quarter of 2020. Although seven in ten of the ransomware attacks responded to last quarter involved data exfiltration and the use of stolen data as leverage to try and force victims to pay, Coveware noted that victims are beginning to realise that doing so is unlikely to prevent the release of stolen data.

Around 60% of ransomware victims opted to pay in Q4, according to the findings, compared with almost 75% in the previous quarter, and Coveware noted that it continues to witness signs that stolen data is not deleted or purged after payment.

Related Resource

The total economic impact of IBM Security Verify

Cost savings and business benefits enabled by IBM Security Verify

Cost savings and business benefits enabled by IBM Security Verify - whitepaper from IBMDownload now

"Moreover, we are seeing groups take measures to fabricate data exfiltration in cases where it did not occur," the security firm said. "These tricks and tactics put a premium on ensuring that threats are thoroughly validated."

Phishing emails and exploitation of Remote Desktop Protocol (RDP) are the most common methods for ransomware attacks, the cyber security company found.

This is the first quarter since Coveware has been tracking data that RDP compromise has not been the primary attack vector. The company said that malware such as Trickbot and Emotet favour widespread phishing campaigns as their primary delivery mechanism.

"Unlike ransomware malware, these threats possess worming capabilities that allow them to stealthily proliferate through a high volume of enterprise networks," Coveware commented. "There they lay down secure footholds that are sold further down the supply chain to ransomware actors. We expect a reshuffling of attack vectors to occur in the wake of the Emotet takedown."

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Security best practices for PostgreSQL

Securing data with PostgreSQL

Download now

Transform your MSP business into a money-making machine

Benefits and challenges of a recurring revenue model

Download now

The care and feeding of cloud

How to support cloud infrastructure post-migration

Watch now

Recommended

Best ransomware removal tools
ransomware

Best ransomware removal tools

9 Apr 2021
Hackers leak data from dark web marketplace
cyber security

Hackers leak data from dark web marketplace

9 Apr 2021
Hackers are using fake messages to break into WhatsApp accounts
instant messaging (IM)

Hackers are using fake messages to break into WhatsApp accounts

8 Apr 2021
Hackers sell $38 million in gift cards on Russian marketplace
hacking

Hackers sell $38 million in gift cards on Russian marketplace

7 Apr 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
Data belonging to 500 million LinkedIn users found for sale on hacker marketplace
hacking

Data belonging to 500 million LinkedIn users found for sale on hacker marketplace

8 Apr 2021
Alienware’s new gaming laptop is a kick in the teeth for Intel’s new CEO
Hardware

Alienware’s new gaming laptop is a kick in the teeth for Intel’s new CEO

8 Apr 2021