Average ransom payments take a dip, even as attacks remain steady

The FBI’s Cyber Division leads the nation’s efforts to investigate and prosecute internet crimes. (FBI)

The average ransom payment dropped 38% from Q1 2021 to $136,576, with some researchers pointing to the federal government's increased scrutiny of ransomware, in response to multiple critical infrastructure attacks, as the reason.

The data emerged from Coveware’s quarterly ransomware insights report, which also found during the same time frame that 81% of ransomware attacks involved threats of data theft and extortion attempts.

The findings come even as the researchers report that the volume and severity of attacks have remained relatively stable for the last 18 months. In fact, evidence shows threat actors are increasingly bold, leveraging massive budgets and sophisticated tools to compromise networks. Prior to REvil going dark, the group collected close to $100 million in ransom payments during just the first six months of 2021.

And threat actors like CloP have purchased more expensive tools and are investing in zero-day vulnerabilities, a serious concern even for well-prepared enterprises. Historically, threat actors would avoid enterprises deemed too expensive to compromise. But with renewed offensive operating budgets, attackers are more equipped to “spend more time and effort (read cost) attacking targets that they really have an eye for,” Coveware researchers reported.

As for the drastic reduction in ransom payments, the data show it could be spurred by the lower prevalence of several threat actors that typically demand higher payouts, like CloP and REvil, and a lower propensity among victims to pay up in cases of data exfiltration. Although threat actors are continuing to employ extortion techniques, Coveware data found that fewer entities facing only the threat of data exfiltration are opting to pay the ransom demand.

By Q2 2021, just 50% of data exfiltration victims opted to pay – down from 65% the prior quarter. Researchers are hopeful this trend will continue until no victims pay extortion demands.

“We feel very strongly that mandatory federal reporting of a ransom payment will have a positive material impact on this as well,” researchers wrote. “Mandatory reporting may not seem like a major forcing function, but piercing the veil of disclosure will tilt the mindset of decision makers further away from making this specific kind of payment.”

Jessica Davis
