
Decline in ransom payments

Fewer ransomware victims are making ransom payments. This is the trend being tracked and evidenced by security researchers at Coveware. Since the first quarter of 2019, the percentage of known victims making payments has steadily declined, and this has been attributed to three key factors.

In the first quarter of 2019, 85% of known ransomware victims were making ransom payments during a ransomware incident. At the close of 2022, this had fallen to 37%.

According to Coveware, the trend is partially attributed to the substantial increase in cyber security and cyber incident response functions. The prevalence of high-profile cases in the media and the increased frequency of incidents appear to have driven the shift in organisations' budgets towards cyber defences.

This shift can also be observed in the increase in keyword searches for terms such as 'immutable backups' and 'cyber-insurance'. Better preparation has led to ransom payments becoming less necessary.

The second key factor in this trend is the shift in focus by national law enforcement agencies from pursuing arrests of threat actors towards pursuing the defence and remediation of victims.

Making national expertise available to victims who would otherwise face ransoms alone has helped drive down ransom payments.

The last key factor is the compounding effect of declining ransomware payments. As the rate of ransom payments falls, the potential profit falls. This prices some threat actors out of the market, leading to fewer ransomware attacks, which in turn leads to fewer payments. This cycle repeats and will hopefully continue to the detriment of threat actors into 2024.



Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).



The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.
