Average ransomware payments decline… but that’s not good news

Average ransomware payments are on the decline... but that's not good news

The latest research by Coveware shows that ransomware attackers are attempting to extort, on average, a smaller amount of money through their criminal activities.

According to the firm, the average payment following an enterprise ransomware attack has fallen 38% since the first quarter of 2021 to $136,576 with a median down 40% to $47,008.

Ransomware chart

That’s obviously a much larger figure than any consumer is likely to be required to pay after their home PC has been encrypted by a ransomware attack, and underlines that ransoms vary depending on who has been hit and how many computers have been compromised.

According to the experts at Coveware, the drop in the average ransom may actually be due to the increasing number of attacks done by Ransomware-As-A-Service (RAAS) affiliates:

“The decrease was primarily driven by a growing number of disparate Ransomware-as-a-Service brands that have proliferated recently, and which have diluted the concentration of attacks controlled by just a few. The lower prevalence of several groups that have historically made some of the highest demands (such as Ryuk and Clop) allowed the average and median ransom payment to drift lower during the quarter.”

In short, the average has gone down because more ransomware attacks are taking place, orchestrated by more criminals. I find it hard to view that as good news.

Here is the top 10 chart of most common ransomware variants seen at enterprises in Q2 2021, according to Coveware:

Top 10 ransomware

Sign up to our free newsletter.
Security news, advice, and tips.

To add to corporate headaches, Coveware says that it has seen an increase in the proportion of ransomware attacks which include a threat to leak exfiltrated data (81%, a rise of 5% over Q1 2021.)


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.