Security News > 2024 > April > Ransomware in Q1 2024: Frequency, size of payments trending downwards, SMBs beware!

More organizations hit by ransomware gangs are starting to realize that it doesn't pay to pay up: "In Q1 2024, the proportion of victims that chose to pay touched a new record low of 28%," ransomware incident response firm Coveware has found.

"LockBit was found to still be holding the stolen data of victims that had paid a ransom, and we have also seen prior Hive victims that had paid the extortion, have their data posted on the Hunters International leak site," the company said, noting that "Future victims of data exfiltration extortion are getting more evidence daily that payments to suppress leaks have little efficacy in the short and long term."

Recent events are changing the ransomware ecosystem.

"These types of ransomware variants aren't going to command the million-dollar ransoms like Cl0p and Lockbit but they can indeed be effective against SMBs, and for many attackers beginning their 'careers,' that's enough," says Christopher Budd, Sophos' Director of Threat Research.

"More concerningly, this new ransomware threat poses a unique challenge for defenders. Because attackers are using these variants against SMBs and the ransom demands are small, most attacks are likely to go undetected and unreported. That leaves an intelligence gap for defenders, one the security community will have to fill."

Coveware's recent report noted that the average ransomware payment continues the downward trend: in Q4 2023 it was $568,705, and in Q1 2024 it fell to $381,980.

News URL

https://www.helpnetsecurity.com/2024/04/19/ransomware-q1-2024-payments/