Revenue Cycle Management
COVID-19
Reimbursement
Diabetes Awareness Month
Risk Management
Patient Retention
Staffing
Medical Economics® 100th Anniversary
Coding and documentation
Business of Endocrinology
Telehealth
Physicians Financial News
Cybersecurity
Cardiovascular Clinical Consult
Locum Tenens, brought to you by LocumLife®
Weight Management
Business of Women's Health
Practice Efficiency
Finance and Wealth
EHRs
Remote Patient Monitoring
Sponsored Webinars
Medical Technology
Billing and collections
Acute Pain Management
Exclusive Content
Value-based Care
Business of Pediatrics
Concierge Medicine 2.0 by Castle Connolly Private Health Partners
Practice Growth
Concierge Medicine
Business of Cardiology
Implementing the Topcon Ocular Telehealth Platform
Malpractice
Influenza
Sexual Health
Chronic Conditions
Technology
Legal and Policy
Money
Opinion
Vaccines
Practice Management
Patient Relations
Careers

Just say no: Only 29% of ransomware victims paid the ransom in the fourth quarter of last year

January 30, 2024

Todd Shryock

News

Article

Ransomware payments decline, reflecting changing trends and better preparedness

Ransomware payment decrease: ©Vchalup - stock.adobe.com

In the final quarter of 2023, the landscape of ransomware attacks witnessed significant shifts, marked by a decrease in the average ransom payment by 33%, dropping to $568,705 compared to Q3 2023, according to a report from Coveware. However, the median ransom payment remained stable at $200,000 during the same period.

One notable trend was the decline in the proportion of ransomware victims choosing to pay ransoms, hitting a record low of 29% in Q4 2023. This shift is attributed to various factors, primarily the growing resilience of enterprise environments. Companies affected by ransomware incidents are increasingly demonstrating the ability to recover partially or fully without resorting to ransom payments.

Additionally, a data-driven reluctance to pay for intangible promises from cybercriminals contributed to the decrease in ransom payments. This includes promises not to publish or misuse stolen data and assurances of immunity from future attacks or harassment. The industry is becoming more informed about what can reasonably be achieved with a ransom payment, resulting in better guidance for victims and a reduction in payments for intangible assurances.

The report highlights a decrease in the volume of data-exfiltration-only payments, emphasizing examples of how data assurances can fail even when dealing with well-known ransomware groups.

The median company size of victimized organizations fell to 231 employees, a 32% decrease from Q3 2023. Despite several high-profile incidents drawing media attention, ransomware continues to predominantly impact small to mid-market companies.

The big four industries affected by ransomware—professional services, health care, consumer services, and the public sector—remained consistent quarter over quarter. The report emphasizes that ransomware is industry-agnostic, and a single sector's prevalence in the data does not necessarily indicate targeted attacks. Instead, it suggests that certain industries may be more susceptible due to general characteristics, such as being behind on patching and having limited cybersecurity resources.

Company size and reported revenue figures emerge as more telling predictors of the threat actor group targeting an organization. While some threat groups may adopt a opportunistic approach, the data suggests that others specifically target enterprises above a certain size and financial threshold.