Cybercrime Trend: Fewer Firms Pay Ransoms

In the first quarter of 2024, the percentage of companies that agreed to pay ransoms to cybercriminals reached a record low of 28%. This statistic was provided by Coveware, a firm specializing in cybersecurity. This represents a slight decrease from the 29% recorded in the fourth quarter of 2023, yet it still marks a new record.

The reduction in ransom payments is attributed to enhanced protective measures by organizations, increased legal pressure on victim companies not to meet the financial demands of perpetrators, and the criminals’ breaches of their promises not to publish or resell stolen data after receiving the ransom.

Akira Ransomware

Ransomware alert message on a laptop screen – man at work

Despite the decrease in the proportion of ransom payments, the total amount paid to perpetrators reached $1.1 billion last year. This rise is due to the increasing frequency of attacks and demands for larger sums in exchange for not disclosing stolen information and providing decryption keys.

In the first quarter of 2024, Coveware noted a 32% drop in the average ransom amount, which now stands at $381,980, and a 25% increase in the median ransom size, which has reached $250,000. This indicates a decrease in the number of large payments and an increase in medium-sized payments.

According to the report, the primary methods of initial penetration into target systems are remote access and exploitation of vulnerabilities, with CVE-2023-20269, CVE-2023-4966, and CVE-2024-1708 being particularly popular among cybercriminals.

The FBI has noted the significant impact of an operation disrupting the activities of the LockBit group, which also caused issues for other major groups. Moreover, affiliates’ trust in Ransomware as a Service (RaaS) groups has significantly decreased, especially following a high-profile scandal involving the ALPHV/BlackCat gang, which executed a so-called “exit scam” and absconded with millions of dollars collected by one of its affiliates.

In this volatile environment, according to Coveware, the ransomware gang Akira leads the list of the most active groups in terms of the number of attacks in the first quarter, maintaining the top spot for nine consecutive months. The FBI also recently reported that Akira is responsible for security breaches in at least 250 organizations, having collected $42 million in ransoms.