![[Ransomware:] how is the threat evolving?](https://incyber.org//wp-content/uploads/2024/03/incyber-news-cybersecurite-cybersecurity-threats-2160x735.jpg)
Ransomware: how is the threat evolving?
![Image Why [Mythos] Signals the End of Traditional Patch Management](https://incyber.org//wp-content/uploads/2025/06/istock-1384205321-885x690.jpg)
On April 17, 2024, Coveware published its new quarterly report on ransomware attacks over the first quarter of 2024. In particular, it shows that the share of victim companies that pay the ransom has never been this low, at 28% compared to 29% in the last quarter of 2023. The rate reached 85% in early 2019, and remained above 70% until the end of 2020.
According to Coveware, victims are less inclined to pay, firstly because they are better prepared to respond to ransomware attacks. More of them have data and infrastructure backups, and are therefore able to go without decryption keys to restore infected systems. Moreover, victims are less trusting of cybercriminal groups when the latter promise to destroy stolen data in exchange for payment.
Furthermore, the average and mean ransom amounts are dropping, to respectively 382,000 and 250,000 dollars (357,000 and 236,000 euros), after peaking in 2023. With 21% of attacks, Akira remains by far the most used ransomware, before Black Basta and Lockbit (9% each), and Medusa, Phobos and BlackCat (6%).
Attack vector analysis mostly shows the growing reluctance of companies to disclose the technical details of an intrusion. Thus the share of attacks due to causes “unknown” is approaching 50%, a steep increase. The three most targeted sectors are health (18.7% of attacks), professional services (17.8%) and government bodies (11.2%).