News you can use
Crime & Scams
Ransomware payments are growing
Ransomware gangs may have to work harder for each dollar, but they’re richer for it.
Wasan Tita/Getty Images
By
Tom McKay
29 February 2024
less than 3 min read
Ransomware gangs may have had to work a little harder to bring home the green in 2023. According to recent research by ransomware response and negotiation shop Coveware, the percentage of victims willing to pay up reached an all-time low of 29% in the last quarter of the year.
Coveware’s data has shown sustained year over year drops in payment rates since 2019, when the vast majority of victims (85%) bought decryption keys.
There’s a huge caveat, though. Threat actors responded to low earnings in 2022 with a deluge of attacks, increasing their absolute take throughout 2023 to an all-time high of $1.1 billion, Chainalysis researchers found.
“It feels very gloves-off,” Chainalysis Head of Threat Intelligence Jackie Burns Koven told Wired.
Double jeopardy. Two attorneys who specialize in helping clients prepare for, react to, and resolve cybersecurity incidents told IT Brew the factors shaping executives’ decisions to pay a ransom or not have evolved quickly.
Kari Rollins, partner in the Privacy and Cybersecurity practice at Sheppard Mullin, told IT Brew she had observed a rise in ransomware attacks involving threats to release stolen data—so-called “double extortion” attacks—but these weren’t effective in most cases because most firms have realized disclosure requirements mean they can’t hide breaches from customers or investors.
“The threat of publicity surrounding the ransomware event isn’t as compelling as it used to be,” Rollins said. While some clients still pay, she said the real pressure to do so comes when victims don’t have redundant and/or segregated backups or disaster and business continuity plans, resulting in costly downtime.
Polsinelli attorney Michael Waters said a growing number of his clients either have secure backups or are able to decrypt their systems without the attackers’ keys. The sheer number of attacks in recent years has lessened negative PR from being hit as well, he told IT Brew.