Ransomware payments are going down as more victims decide not to pay up
The average ransom paid to cybercriminals after a ransomware attack is declining as more companies are reluctant to pay up, following government advice over the legality of sending money to the threat actor groups behind the malware. Coveware, a cybersecurity company, conducted a study that found that the average ransom payment after a ransomware attack decreased by a third in Q4 2020, dropping from $233,817 to $154,108. The drop may be attributed to increased government advisories on the topic or to distrust of cybercriminals who claim they will send a decryption key post-payment.
However, a large number of organizations still give in to demands, allowing ransomware to remain a successful and desirable form of attack, even if it is turning less profit. As ransom prices continue to decline, some ransomware operators may be pushed to explore whether the effort and risk are worth the payout. Coveware states that if fewer and fewer companies pay, it could have a long-term impact that would shift the cyber climate and result in a decline in the volume of ransomware attacks.