A growing number of ransomware victims appear to be losing confidence that their attackers will delete any data they might have stolen during the attack for additional leverage, even after being paid the demanded ransom.
New analysis from Coveware, based on data gathered from ransomware incidents the company helped organizations respond to in Q4 2020, shows a large decline in the average and median ransom amounts that victims paid to their attackers. In addition, fewer organizations gave in to cyber extortion demands if they had a chance to recover data from back-ups.
Coveware's Q4 data reversed a steady — and, recently, almost linear — increase in average ransom payments going back to at least Q4 2018. Just between the first and the third quarter of last year, for instance, average payments soared from $111,605 to $233,817. However, in Q4, average payments plunged by 34% to just over $154,000, while median payments also dropped 55% from $110,532 to $49,450 over the same period.
The number reflects the growing realization among ransomware victims that paying attackers to prevent the release of stolen data is a poor bet, Coveware Coveware says. With more companies falling victim to ransomware attacks, organizations are getting more insight for considering the trade-offs between paying or not paying an extortion demand — and many are deciding not to pay. Coveware's own stance is if organizations opt to pay, there's no guarantee that stolen data will be deleted or purged as promised; no guarantee that it won't be misplaced, traded, or stolen; and no way of finding out whether the data has been copied and replicated across multiple systems.
It's unclear whether the de ..
Support the originator by clicking the read the rest link below.
