
The average ransom demand has now reached $1.3 million, with some variants asking for up to $4.3 million for a decryptor.
The severity of ransomware attacks spiked by 68% in the first half of 2024, compared with the previous six months, a new report by cyber insurance provider Coalition reveals. The average loss after negotiations amounted to $353,000.
However, this figure is 12% lower than during the first half of 2023, when the average loss reached $401,766.
“Among ransomware events that resulted in a payment, Coalition successfully negotiated the amount down by an average of 57% of the initial demand,” the report reads.
In the first half of this year, one in 280 insured businesses had been affected by ransomware, and the frequency decreased by 10%. Ransomware frequency has been relatively stable in the US, while Canada has experienced a 34% increase.
Two ransomware variants, Play and BlackSuit, demanded noticeably higher ransoms than the average: $4.3 million and $2.5 million, respectively.
“In general, ransomware has been fairly seasonal with consistent drop-offs in the summer months and spikes during winter holidays – a conscious attempt by threat actors to go unnoticed within a system at times when businesses are typically slower to react,” the report estimates.
However, this year stands out for other cyber events that impacted businesses. For example, a bug in CrowdStrike’s software caused a global IT outage. Business email compromise is now a leading cyber event, continuing a steady increase and accounting for nearly a third of all claims. Other third-party disruptions wreak havoc on healthcare and other industries.
Overall claims severity reached $122,346 in H1 2024. The figure was 14% higher than in H2 2023 but similar to that of a year earlier ($123,990).
On average, in six months, 1.55% of insured businesses were affected by some kind of cyber incident, leading to a claim.
The cyber insurer warns threat actors are increasingly attacking exposed login panels. Exposed login panels more than tripled the likelihood of experiencing a claim.
“Businesses with at least one contingency of any type were 2.5 times more likely to experience a claim in 1H 2024. These contingencies include various risky technologies, such as certain boundary devices, remote access solutions, and end-of-life (EOL) software,” the report reads.

Coalition strongly recommends enforcing multi-factor authentication for all VPN users and ensuring they’re running the latest firmware – both of which help protect against brute force attacks, compromised credentials, and known vulnerabilities.
Your email address will not be published. Required fields are markedmarked