Fewer ransomware victims are making ransom payments. This is the trend being tracked and evidenced by security researchers at Coveware. Since the first quarter of 2019, the percentage of known victims making payments has steadily declined and this has been attributed to three key factors...

In the first quarter of 2019, 85% of known ransomware victims were making ransom payments during a ransomware incident. At the close of 2022, this had fallen to 37%.

According to Covewave, the trend is partially attributed to the substantial increase in cyber security and cyber incident response functions. The prevalence of high profile cases in the media and the increased frequency of incidents appears to have driven the shift in organisations' budgets towards cyber defences.

This shift can also be observed in the increased keyword search for things such as 'immutable backups' and 'cyber-insurance'. Better preparation has led to ransom payments becoming less necessary.

The second key factor in this trend is the shift in focus from national law enforcement agencies from pursuing arrests of threat actors towards pursuing the defence and remediation of victims.

Making national expertise available to victims who would otherwise face ransoms alone has helped drive down ransom payments.

The last key factor is the compounding effects of declining ransomware payments. As the rate of ransom payments falls, the potential profit falls. This prices some threat actors out of the market, leading to less ransomware attacks, leading to less payments. This cycle repeats and will hopefully continue to the detriment of threat actors into 2024.

Reporting

Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).