In a nutshell: Ransomware remains a scourge, but there is some good news: the average payment amount fabricated by victims fell in Q4 later spending more than a year rising drastically. The reason? Fewer companies are giving in to ransom demands.

Cybersecurity firm Coveware's latest quarterly ransomware report shows that later continuously rising since Q3 2022, average ransomware payments fell 34 percent in the fourth quarter of last year to $154,108. Median ransomware payments, meanwhile, were down 55 percentage to $49,450.

Generally, anyone who suffers a ransomware assault is brash not to mitt over any crypto as information technology's no guarantee perpetrators will hand over the encryption key. Information technology seems more companies are heeding this advice.

Another reason behind the fall relates to ransomware attacks in which criminals threaten to release sensitive information if their demands aren't met. Coveware writes that these made up 70 pct of all ransomware attacks in Q4, up from fifty percent during the previous quarter. It's common for the data to exist leaked online even when ransoms are paid, and then fewer victims are giving in to the extortion.

In cases involving stolen data, just sixty percent of the companies agreed to pay in Q4, that's down from 75 percent in Q3.

"Coveware continues to witness signs that stolen information is non deleted or purged after payment. Moreover, we are seeing groups take measures to fabricate data exfiltration in cases where it did non occur," states the study.

Looking at ransomware attack vectors, e-mail phishing has now surpassed Remote Desktop Protocol (RDP) compromises equally the well-nigh popular, being behind more than 50 percent of all incidents in the fourth quarter. RDPs, which exploit leaked credentials, remain popular equally employee usernames and passwords sell for equally low equally $50.

Professional services was the 2nd-most-common industry targeted past ransomware criminals (16.3 pecent), sitting behind wellness care (17.nine per centum). Hospitals and health centers accept long been a common target—criminals assume they are more willing to pay upward. With the pandemic already pushing these organizations to breaking signal, ransomware attacks could potentially toll lives.

Masthead credit: Andrey_Popov