Median Ransom Payment Drops 51% in Second Quarter
Fewer ransomware victims paid to regain access to their systems, and the median ransom payment dropped 51% in the second quarter of 2022, according to a recent report from Coveware.
Though the median payment dropped to $36,360, the average ransom payment increased 8% to $228,125, boosted by a few outliers. The lower median reflected threat actors’ shift toward less risky, lower-profile targets, and the average remains below a fourth-quarter 2021 high of over $300,000.
“We have also seen an encouraging trend among large organizations refusing to consider negotiations when ransomware groups demand impossibly high ransom amounts,” Coveware said in a blog post.
While some ransomware targets may pay to prevent the leaking of stolen data, Coveware said the practice “continues to confound and frustrate” the incident response world. Data exfiltration factors into 86% of cases, but evidence suggests “threat actors do not honor their word as it relates to destroying exfiltrated data,” the firm said.
Coveware asserted that in addition to the likelihood that data will not be destroyed, paying a ransom doesn’t expunge any liability for an organization.
“The visibility of where stolen data is held or posted does not change the liabilities and almost never changes the actual risk or harm to the impacted parties. If the stolen data has value to other cybercriminals, it will likely be sold out of view,” the firm said. It added that paying does not prevent lawsuits or demonstrate to the public or regulators the breached organization’s commitment to protecting data.
Two states—North Carolina and Florida—have passed legislation prohibiting state agencies from paying the ransom, Coveware noted.
“Arguments from both sides of the debate weighed in, but the reality is that this is a worthy experiment, and the data should be tracked very closely,” the firm said, adding that the lack of uniform reporting requirements across states may complicate the investigation of whether the policies are working.
© 2022 Zywave, Inc. All rights reserved.