January 31, 2024 at 02:20PM
Ransomware payments dropped to 29% in Q4 2023, down from 85% in 2019. Coveware attributes the decline to increased awareness and reluctance to trust data kidnappers due to high-profile incidents where payments led to nothing. A payment ban is discouraged, with reporting requirements and changing victim incentives seen as more effective means to combat ransomware.
Based on the meeting notes provided, the key takeaways are:
1. There has been a significant decrease in the number of ransomware victims choosing to pay ransomware actors, with the rate dropping to a new low of 29 percent in the last quarter of 2023.
2. Coveware’s founder and CEO, Bill Siegel, attributes this shift to increased awareness among companies, better preparation for cyber attacks, and a growing reluctance to trust data kidnappers due to high-profile cases of payments leading to no resolution.
3. Coveware also found a decrease in overall ransomware payments and a significant drop in payments for data exfiltration-only incidents.
4. The report suggests that implementing a nationwide payment ban would be counterproductive and could potentially lead to an increase in illegal activities and non-compliance with reporting requirements.
5. Instead of a payment ban, Coveware proposes implementing reporting requirements, safe harbors, encouraging companies to work with law enforcement, and increasing awareness of cybersecurity best practices as effective measures to combat ransomware threats.
These takeaways convey the importance of a multifaceted approach to addressing ransomware threats, focusing on altering the incentives for victims, encouraging cooperation with authorities, and raising awareness about cybersecurity.