Less than one-fifth of ransomware victims paid in first half of 2023: Report

Despite an overall increase in ransom demands by cybercriminals, a new report published on Thursday demonstrates that only 19% of cases in the first half of 2023 led to actual ransom payments.

The findings by cyber risk management firm Arete, in its latest report titled 'Turning Tides – Navigating the Evolving World of Cybercrime' also revealed that the professional services sector emerged as the prime target, experiencing a noteworthy uptick of nearly 12% since the latter part of 2022.

The report also noted a surge in LockBit ransomware incidents, claiming a significant 30.3% share of all ransomware cases tracked by Arete in the first half of 2023 and highlighted the socioeconomic consequences of the Russia-Ukraine War and the escalation of global law enforcement efforts against cyber criminals.  

“Cybercrime is constantly shifting in response to new vulnerabilities, developing technology, and global socioeconomic events,” said Arete’s Chief Data Officer, Chris Martenson. “Remaining aware of the latest trends and shifts allows organizations to take a proactive approach to cybersecurity and create data-driven strategies to protect their data and systems,” Martenson added.  

Similar trends were noticed in a report published in January 2023 Over the last 4 years, the propensity for victims of ransomware to pay a ransom has fallen dramatically, from 85% of victims in Q1 of 2019, to 37% of victims in Q4 of 2022. On an annual basis, 41% of victims paid in 2022 vs. 76% in 2019.

The report by cyber security firm Coveware reasoned that a driving factor for reduced payment of ransomware could be that enterprises are investing substantially more in security and incident response planning unlike before. Besides, law enforcement agencies have effectively shifted strategy from pursuing just arrests to putting a focus on helping victims, and imposing costs to the economic levers that make cyber-crime so profitable. 

That said, on the whole ransomware continues to be prolific, with a new ransomware attack striking on average every 10 seconds. A report by Check Point from July further shows that there was an 8% increase in cyberattacks worldwide every week during Q2 2023. On average, organizations had to deal with 1258 attacks per week. Ransomware attacks affected 1 out of every 44 organizations globally each week, with a primary focus on APAC and Europe regions.