Fewer ransomware victims are paying up when faced with a ransomware attack, according to a new report from ransomware negotiation firm Coveware.

Why it matters: Malicious hackers are opportunistic and follow the money.

• If the money dries up in ransomware, they're likely to turn to other schemes.

By the numbers: 29% of organizations paid a ransom in the last quarter of 2023 to get their stolen data back and unlock their systems during a cyberattack, according to Coveware's report, released Friday.

• That's a completely different story from the 85% who were paying in the first quarter of 2019.
• The average ransom payment in the fourth quarter of 2023 was roughly $568,000 — a 33% drop from the third quarter.

Between the lines: Coveware attributes the drop last quarter to a few factors.

• Enterprise networks have built up better cyber defenses and have more data backups to help them recover quickly.
• More companies don't trust hackers to keep their promises and delete any stolen data.

The big picture: Ransomware has become a top cyber threat for all organizations — from the world's largest companies to small mom-and-pop businesses — over the last five years.

• Government officials have spent years trying to make a dent in the number of ransomware attacks targeting businesses, governments and other entities.

Yes, but: Ransomware hackers are known to be adaptable and will likely change their tactics to get more payments.

• Cybersecurity officials and industry experts believe ransomware is already an endemic issue.

Editor's note: This story has been corrected to show that 29% of organizations paid a ransom in the last quarter of 2023 (not 2024).