The average ransomware payment fell by more than a third between Q3 and Q4 in 2020, a new study has found.

A marketplace report released by cyber incident response firm Coveware found that thead average payment by victims of ransomware attacks had decreased to a little over $154,000 in Q4 of 2020 from $233,817 in Q3, and that the median payment decreased by more than half.

Coveware has attributed the drop to a lack of trust that ransomware gangs would not retain copies of exfiltrated data upon receiving payment. They usually promise to delete them. 

“With more companies falling victim, more are having the opportunity to constructively consider the trade offs, and are increasingly choosing not to pay,” stated the report.

Among the report’s other findings are that threats by ransomware gangs to leak exfiltrated data have risen sharply, to 70 percent of attacks in Q4 compared to 50 percent in Q3. Email phishing remains the primary vector for ransomware attacks.

See the report here.