BACK TO NEWS
Breaking NewsLow

Ransomware Payment Rates Hit Record Low Amid Surging Attack Volumes

2 min readSource: BleepingComputer

Global ransomware payment rates fell to 28% in 2023, the lowest on record, despite a sharp rise in reported attacks, per new data.

Ransomware Payment Rates Reach Historic Low as Attacks Escalate

Global ransomware payment rates declined to a record low of 28% in 2023, according to the latest industry data, even as the volume of reported attacks continued to climb sharply. The findings underscore a growing resistance among victims to meet extortion demands despite increasingly aggressive tactics by threat actors.

Key Findings

  • Payment rate drop: Only 28% of ransomware victims paid ransoms in 2023, down from 41% in 2022 and 76% in 2019.
  • Attack surge: The total number of claimed ransomware incidents rose significantly, with threat actors intensifying campaigns across sectors.
  • Data sources: Trends are based on reports from incident response firms, law enforcement, and cyber insurance providers.

Technical Context

Security researchers attribute the decline in payments to several factors:

  • Improved backup strategies: Organizations have enhanced data resilience, reducing reliance on ransom payments for recovery.
  • Regulatory pressure: Stricter guidelines (e.g., U.S. Treasury advisories) discourage payments to sanctioned entities.
  • Law enforcement successes: Disruptions of ransomware groups (e.g., LockBit, ALPHV) have eroded trust in attackers’ decryption promises.

Impact Analysis

While the drop in payment rates is a positive trend, the surge in attacks highlights persistent vulnerabilities:

  • Targeted sectors: Healthcare, education, and critical infrastructure remain high-value targets.
  • Evolving tactics: Threat actors increasingly use double extortion (data theft + encryption) to pressure victims.
  • Economic strain: Small and mid-sized enterprises (SMEs) face disproportionate risks due to limited cybersecurity resources.

Recommendations

Security teams should prioritize:

  1. Offline backups: Ensure immutable backups are tested and isolated from primary networks.
  2. Incident response plans: Develop and drill playbooks for ransomware scenarios.
  3. Threat intelligence: Monitor emerging ransomware variants and TTPs (Tactics, Techniques, and Procedures).
  4. Employee training: Conduct phishing simulations and security awareness programs.

The data suggests a shifting landscape where attackers may adapt by refining extortion methods, underscoring the need for proactive defenses.

Share

TwitterLinkedIn