Just say no: Only 29% of ransomware victims paid the ransom in the fourth quarter of last year


Ransomware payments decline, reflecting changing trends and better preparedness

Ransomware payment decrease: ©Vchalup -

In the final quarter of 2023, the ransomware landscape shifted significantly: the average ransom payment fell 33% from Q3 2023 to $568,705, according to a report from Coveware. However, the median ransom payment remained stable at $200,000 during the same period.

One notable trend was the decline in the proportion of ransomware victims choosing to pay ransoms, hitting a record low of 29% in Q4 2023. This shift is attributed to various factors, primarily the growing resilience of enterprise environments. Companies affected by ransomware incidents are increasingly demonstrating the ability to recover partially or fully without resorting to ransom payments.

Additionally, a data-driven reluctance to pay for intangible promises from cybercriminals contributed to the decrease in ransom payments. This includes promises not to publish or misuse stolen data and assurances of immunity from future attacks or harassment. The industry is becoming more informed about what can reasonably be achieved with a ransom payment, resulting in better guidance for victims and a reduction in payments for intangible assurances.

The report highlights a decrease in the volume of data-exfiltration-only payments, emphasizing examples of how data assurances can fail even when dealing with well-known ransomware groups.

The median company size of victimized organizations fell to 231 employees, a 32% decrease from Q3 2023. Despite several high-profile incidents drawing media attention, ransomware continues to predominantly impact small to mid-market companies.

The big four industries affected by ransomware—professional services, health care, consumer services, and the public sector—remained consistent quarter over quarter. The report emphasizes that ransomware is industry-agnostic, and a single sector's prevalence in the data does not necessarily indicate targeted attacks. Instead, it suggests that certain industries may be more susceptible due to general characteristics, such as being behind on patching and having limited cybersecurity resources.

Company size and reported revenue figures emerge as more telling predictors of the threat actor group targeting an organization. While some threat groups may adopt an opportunistic approach, the data suggests that others specifically target enterprises above a certain size and financial threshold.
