Ransomware Yields Less as Victims Refuse to Pay

The percentage of companies paying ransom after a ransomware attack has been declining sharply for years.

According to research by cyber incident response company Coveware, only 23 percent of the surveyed companies give in to hackers’ ransom demands. Six years ago, that percentage was still 85 percent.

Better Protected

According to Coveware, this historic low is due to companies employing increasingly strong and more targeted security solutions against ransomware. Authorities are also said to be urging companies not to pay. Otherwise, hackers know they can likely demand more ransom or attack again.

“Cyber defenders, law enforcement, and legal specialists should see this as a confirmation of collective progress,” Coveware states. “The work being done to prevent attacks, minimize impact, and successfully manage cyber extortion is paying off.”

Double Extortion

Over the years, hackers have shifted from encryption attacks to double extortion, in which they obtain data and threaten to leak it. When data is only stolen and not encrypted, the payment percentage in this category also drops to a low of 19 percent. There are also more internal threats, such as employees providing a gateway to the company network for hackers. However, hackers don’t reinvent the wheel every time. Classic methods like phishing, social engineering, and other vulnerabilities remain widely used.

Companies realize that instead of paying, it’s better to invest in improved defenses against future attacks. According to Coveware, hacker groups will therefore focus on large enterprises to still capture larger profit margins.