The number of ransomware victims happy to pay the ransom in order to get their data back is in decline, resulting in the average ransom payment falling both quarter-over-quarter and year-on-year.
This is according to a new report from Coveware, which states that many criminals do not keep their word by deleting stolen data once the ransom has been paid. As a result, fewer organizations are willing to pay up.
As the best way to eradicate ransomware is to starve the industry of profitability, Coveware sees the trend as a “distinct positive”, especially in Q4.
The average ransom payment currently sits at $154,108, down by more than a third (34 percent) quarter-on-quarter. For the year, the median ransomware payment now sits at $45,450, down by more than half (55 percent) compared to the same period last year.
However, the profit margin for ransomware attackers remains “very high” and the risk of arrest remains low, Coveware added.
The company advises organizations not to pay the ransom, because there is no guarantee that paying up will make the problem go away. Even if the criminals do keep their word and delete the data, there’s no guarantee it will be disposed of properly, or that they were the only party that held it.
The most popular ransomware targets, Coveware concluded, were small and medium-sized businesses, as these are the least likely to have a dedicated, strong IT department.