Ransomware Payment Rates Hit Record Low Amid Rising Attack Volume
Global ransomware payment rates fell to 28% in 2023, the lowest on record, despite a surge in reported attacks, signaling shifting victim response strategies.
Ransomware Payment Rates Reach Historic Low as Attacks Escalate
Global ransomware payment rates dropped to a record low of 28% in 2023, according to industry reports, even as the volume of reported attacks continued to climb. The decline marks a significant shift in victim behavior: organizations are investing in recovery capability ahead of time and are increasingly aware that paying offers no guarantee of a working decryptor or of stolen data being deleted, and may expose the payer to sanctions risk.
Key Findings
- Payment rate decline: Only 28% of ransomware victims paid ransoms in 2023, down from 41% in 2022 and 76% in 2019.
- Attack surge: Despite the drop in payments, the number of reported ransomware incidents rose sharply, with threat actors increasingly targeting critical infrastructure, healthcare, and education sectors.
- Data recovery trends: Improved backup strategies and publicly released decryptors (for example, those distributed through law enforcement and the No More Ransom initiative) have enabled more organizations to restore systems without paying.
Technical Context
Ransomware operators continue to refine their tactics, leveraging double-extortion techniques, in which attackers both encrypt data and threaten to leak stolen copies, to pressure victims. Backups blunt the encryption half of that threat but do nothing about the leak half, so the decline in payments suggests that organizations are also prioritizing incident response planning, immutable backups, and law enforcement collaboration over capitulation to demands.
Security researchers also note the role of ransomware-as-a-service (RaaS) in fueling attack volumes. Affiliate programs allow less technically skilled threat actors to deploy ransomware, broadening the threat landscape. High-profile groups like LockBit, ALPHV/BlackCat, and Clop remain active, exploiting vulnerabilities in internet-facing services such as CVE-2023-34362 (MOVEit Transfer) and CVE-2023-27350 (PaperCut NG/MF) to gain initial access.
Impact Analysis
The reduction in payment rates may disincentivize some ransomware operations, but the overall threat remains severe. Attackers are adapting by:
- Targeting smaller organizations with weaker defenses.
- Raising demands, so that the victims who do pay pay more (one widely cited industry survey put the average ransom payment at $1.54 million in 2023).
- Expanding into data theft-only extortion, bypassing encryption entirely.
For security teams, the trend underscores the importance of proactive defense measures, including:
- Regular restore testing, not just backup jobs, to confirm that data can actually be recovered within the required time and that the backup set itself has not been encrypted or tampered with.
- Patch management to mitigate known exploited vulnerabilities (e.g., CVE-2023-34362), prioritizing internet-facing file-transfer, remote-access, and print-management services.
- Employee training to recognize phishing and social engineering tactics.
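The restore-testing point above is where most backup programs fall short: a backup job that succeeds tells you nothing about whether the copy is intact or whether the ransomware reached it. The following is an added example, not code from the original article or from any vendor named in it. It records a SHA-256 manifest at backup time (the assumption is that this manifest is kept on separate, immutable storage so an intruder on the host cannot rewrite it), then checks a restored set against that manifest during a drill and flags missing, modified and unexpected files, plus any non-matching file whose byte entropy looks like ciphertext. All file contents are constructed in-memory sample data so the script runs offline; the `.locked` suffix and `README_RESTORE.txt` name are illustrative, not tied to any specific ransomware family.

```python
"""Backup restore drill: verify a restored set against a manifest taken at backup time.

Added example with constructed sample data. The "filesystem" is a dict of
path -> bytes so the script runs offline; in production, read real files.
"""
import hashlib
import math
from collections import Counter


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits per byte (0.0 for empty input). Encrypted or compressed data approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def build_manifest(files: dict) -> dict:
    """Record SHA-256 per path. Store the result on immutable/WORM storage (assumption),
    separate from the hosts being backed up, so a compromised host cannot rewrite it."""
    return {path: sha256_hex(data) for path, data in files.items()}


def verify_restore(manifest: dict, restored: dict, entropy_threshold: float = 7.5) -> dict:
    """Compare a restored file set against the manifest.

    Files matching their manifest hash are trusted regardless of entropy (a legitimate
    .gz or .zip is high-entropy too). Only non-matching or unknown files are entropy-checked.
    """
    report = {"ok": [], "missing": [], "modified": [], "unexpected": [], "likely_encrypted": []}
    for path, expected in manifest.items():
        data = restored.get(path)
        if data is None:
            report["missing"].append(path)
        elif sha256_hex(data) == expected:
            report["ok"].append(path)
        else:
            report["modified"].append(path)
    for path, data in restored.items():
        if path not in manifest:
            report["unexpected"].append(path)
        if path not in report["ok"] and shannon_entropy(data) >= entropy_threshold:
            report["likely_encrypted"].append(path)
    for key in report:
        report[key].sort()
    return report


def restore_is_clean(report: dict) -> bool:
    """A drill passes only if every manifest entry is present and byte-identical and nothing extra appeared."""
    return not (report["missing"] or report["modified"] or report["unexpected"] or report["likely_encrypted"])


def pseudo_random_bytes(n: int, seed: bytes) -> bytes:
    """Deterministic high-entropy filler standing in for ciphertext / compressed data (constructed)."""
    out, block = b"", seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]


# Constructed sample data: the file set as it existed when the backup was taken ...
BACKUP_AT_T0 = {
    "docs/report.txt": b"Quarterly report: revenue up 4%.\n" * 50,
    "archive/logs.gz": pseudo_random_bytes(4096, b"archive"),   # legitimately high-entropy
    "etc/app.conf": b"debug=false\n",
    "db/customers.csv": b"id,name,email\n" + b"".join(
        f"{i},user{i},user{i}@example.com\n".encode() for i in range(200)),
}
MANIFEST = build_manifest(BACKUP_AT_T0)

# ... and the set "restored" from a host that ransomware reached before the snapshot was taken.
RESTORED_FROM_COMPROMISED_HOST = {
    "docs/report.txt": BACKUP_AT_T0["docs/report.txt"],          # intact
    "archive/logs.gz": BACKUP_AT_T0["archive/logs.gz"],          # intact, must not be flagged
    "etc/app.conf": b"debug=true\n",                             # tampered, low entropy
    "db/customers.csv.locked": pseudo_random_bytes(4096, b"locked"),  # encrypted and renamed
    "README_RESTORE.txt": b"Your files are encrypted. Contact us to recover them.\n",
}


def run_drill() -> dict:
    return verify_restore(MANIFEST, RESTORED_FROM_COMPROMISED_HOST)


if __name__ == "__main__":
    result = run_drill()
    for key, paths in result.items():
        print(f"{key:17s} {paths}")
    print("restore clean:", restore_is_clean(result))
```

Two design points matter in practice: the manifest must live somewhere the attacker cannot reach from the backed-up host, otherwise it gets rewritten along with the data; and the entropy heuristic is deliberately subordinate to the hash check, because compressed archives, images and already-encrypted databases are high-entropy by nature and would otherwise drown the drill in false positives.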
Recommendations
- Adopt a zero-trust architecture to limit lateral movement in networks.
- Engage with law enforcement and government cyber agencies (e.g., the FBI and CISA) to report incidents, share indicators, and learn whether a working decryptor already exists for the strain involved.
- Review insurance policies to ensure coverage aligns with current ransomware risks.
While the decline in payments is a positive development, ransomware remains a top-tier threat. Organizations must remain vigilant, combining technical defenses with strategic incident response to mitigate risks effectively.