The first quarter of 2024 has witnessed a significant shift in the ransomware payment landscape, with only 28% of affected companies choosing to meet the extortion demands of cybercriminals, marking a record low. This represents a slight decrease from the 29% recorded in the final quarter of 2023. Cybersecurity firm Coveware attributes this downward trend to a combination of factors, including enhanced protective measures adopted by organizations, increased legal repercussions for paying ransoms, and a growing distrust in cybercriminals’ promises not to leak or sell stolen data upon receiving the ransom.
Financial Implications and Attack Trends
Despite the decrease in payment rates, the financial stakes have never been higher. A recent report by Chainalysis highlights that the total amount paid to ransomware actors reached a staggering $1.1 billion last year. This paradoxical increase is due to ransomware gangs intensifying their attacks, targeting a broader range of organizations, and demanding higher ransoms for the decryption keys and the non-disclosure of stolen data.
Coveware’s analysis for Q1 2024 reveals a 32% quarter-over-quarter drop in the average ransom payment to $381,980, alongside a 25% increase in the median payment, now at $250,000. These figures suggest a shift towards more moderate ransom demands and possibly a strategic move away from targeting high-value entities.
Infiltration Methods and Law Enforcement Impact
The report also sheds light on the initial methods of ransomware infiltration, with a notable increase in cases where the exact vector remains unidentified, accounting for nearly half of all incidents. Among the known methods, remote access and the exploitation of vulnerabilities, particularly CVE-2023-20269, CVE-2023-4966, and CVE-2024-1708-9, are the most prevalent. Furthermore, Coveware credits recent law enforcement operations, such as the FBI’s disruption of the LockBit ransomware group, with significantly impacting the ransomware ecosystem. These actions have not only caused turmoil among major ransomware gangs but have also led to a decrease in confidence among ransomware affiliates, prompting many to either operate independently, using services like Dharma/Phobos, or exit the cybercrime scene altogether.
Last Updated on November 7, 2024 8:53 pm CET