RANSOMWARE PAYMENTS HIT RECORD LOW

According to cybersecurity firm Coveware, the share of companies paying ransom to attackers hit a record low of 28% in the first quarter of 2024. This marks a slight decrease from the fourth quarter of 2023, when the percentage stood at 29%, but still represents a new low point for ransom payments.

The drop in ransom payments can be attributed to increased security measures implemented by organizations, heightened legal pressure on victims to resist paying attackers, and the fact that cybercriminals often break their promises not to misuse or sell stolen data after receiving payment.

Despite the decrease in the share of ransom payments, the total amount paid to attackers in 2023 reached $1.1 billion. This can be attributed to the growing number of attacks and the demand for larger sums to prevent disclosure of stolen information and provide decryption keys.

In the first quarter of 2024, Coveware observed a 32% decrease in the average ransom amount, which now stands at $381,980, while the median ransom amount increased by 25% to $250,000. This shift indicates a decrease in larger payments and an increase in medium-sized ransom demands.

According to the report, common methods of breaching target systems include remote access and exploiting vulnerabilities such as CVE-2023-20269, CVE-2023-4966, and CVE-2024-1708, which are popular among cybercriminals.

The FBI has highlighted the impact of operations targeting the LockBit group, which have disrupted the activities of other major cybercriminal groups. This includes disputes over payments and fraudulent schemes, reminiscent of the BlackCat/ALPHV case.

A decrease in trust among affiliates of ransomware-as-a-service (RaaS) groups has also been noted, particularly following a scandal involving the ALPHV/BlackCat gang, which engaged in fraudulent practices and misappropriated millions of dollars from an affiliate.

In the ever-changing landscape of cybercrime, Coveware reports that the Akira ransomware group remains the most active in terms of attacks during the first quarter of 2024, holding the top spot for nine consecutive months. The FBI has identified Akira as responsible for breaching security in at least 250 organizations and receiving $42 million in ransom payments.
