The average ransom payment to hackers decreased by more than a third in the fourth quarter of 2020 as more victims opted not to pay up.
That’s according to cyber security company Coveware, which found a sharp decline in the average and median payments that ransomware victims paid to attackers.
UK ransomware attacks surged 80% in latest quarter The truth about ransomware Ryuk ransomware earnings top $150 million
Coveware’s data, gathered from ransomware incidents the company helped companies respond to in Q4 2020, showed that average ransomware payments decreased by 34% to $154,000 (around £112,800) while median payments dropped 55% from $110,532 (£81,000) to $49,450 (£36,000) over the same period.
The findings indicate a reversal of a trend that saw average ransom payments steadily increase since at least Q4 2018. There was even an increase between the first and third quarter of last year, with average payments increasing from $111,605 (£81,000) to $233,817 (£171,000).
Coveware’s data also showed that fewer organisations gave in to cyber extortion demands if they had a chance to recover data from backups during the final quarter of 2020. Although seven in ten of the ransomware attacks responded to last quarter involved data exfiltration and the use of stolen data as leverage to try and force victims to pay, Coveware noted that victims are beginning to realise that doing so is unlikely to prevent the release of stolen data.
Around 60% of ransomware victims opted to pay in Q4, according to the findings, compared with almost 75% in the previous quarter, and Coveware noted that it continues to witness signs that stolen data is not deleted or purged after payment.
RELATED RESOURCE
The total economic impact of IBM Security Verify
Cost savings and business benefits enabled by IBM Security Verify
"Moreover, we are seeing groups take measures to fabricate data exfiltration in cases where it did not occur," the security firm said. "These tricks and tactics put a premium on ensuring that threats are thoroughly validated."
Phishing emails and exploitation of Remote Desktop Protocol (RDP) are the most common methods for ransomware attacks, the cyber security company found.
This is the first quarter since Coveware has been tracking data that RDP compromise has not been the primary attack vector. The company said that malware such as Trickbot and Emotet favour widespread phishing campaigns as their primary delivery mechanism.
"Unlike ransomware malware, these threats possess worming capabilities that allow them to stealthily proliferate through a high volume of enterprise networks," Coveware commented. "There they lay down secure footholds that are sold further down the supply chain to ransomware actors. We expect a reshuffling of attack vectors to occur in the wake of the Emotet takedown."
-
Using WinRAR? Update now to avoid falling victim to this file path flawNews WinRAR users have been urged to update after a patch was issued for a serious vulnerability.
-
Amazon CEO Andy Jassy doubles down on the company's AI focusNews Amazon CEO Andy Jassy thinks companies need to "lean into" AI and embrace the technology despite concerns over job losses.
-
Swiss government data published following supply chain attack – here’s what we know about the culpritsNews Radix, a non-profit organization in the health promotion sector, supplies a number of federal offices, whose data has apparently been accessed.
-
Ransomware victims are getting better at haggling with hackersNews While nearly half of companies paid a ransom to get their data back last year, victims are taking an increasingly hard line with hackers to strike fair deals.
-
LockBit data dump reveals a treasure trove of intel on the notorious hacker groupNews An analysis of May's SQL database dump shows how much LockBit was really making
-
‘I take pleasure in thinking I can rid society of at least some of them’: A cyber vigilante is dumping information on notorious ransomware criminals – and security experts say police will be keeping close tabsNews An anonymous whistleblower has released large amounts of data allegedly linked to the ransomware gangs
-
It's been a bad week for ransomware operatorsNews A host of ransomware strains have been neutralized, servers seized, and key players indicted
-
Everything we know about the Peter Green Chilled cyber attackNews A ransomware attack on the chilled food distributor highlights the supply chain risks within the retail sector
-
Scattered Spider: Who are the alleged hackers behind the M&S cyber attack?News The Scattered Spider group has been highly active in recent years
-
Ransomware attacks are rising — but quiet payouts could mean there's more than actually reported
News Ransomware attacks continue to climb, but they may be even higher than official figures show as companies choose to quietly pay to make such incidents go away.
