To pay or not to pay: Paying ransoms leads to more ransomware attacks

Извините, этот текст доступен только на “Английский” и “Украинский”. For the sake of viewer convenience, the content is shown below in one of the available alternative languages. You may click one of the links to switch the site language to another available language.


Researches from the Cybereason company found that the majority of organizations that pay threat actors to decrypt data are attacked again — usually within a month and at the hands of the same attackers.


Ransomware is a bigger problem as 73% of organizations suffered at least 1 ransomware attack in the past 24 months, compared with just 55% in 2021.


Despite government warnings, law enforcement alerts and previous reports showing that paying a ransom maintains the ransomware as a service (RaaS) model, many organizations continue to pay threat actors to decrypt data.


Cybereason Ransomware True Cost to Business Study reveals that:


— 80% of companies that paid a ransom demand were hit again,

— nearly 50% reported paying a second ransom and

— nearly 10% paid a third time.



The study once again finds that ‘it doesn’t pay-to-pay’ a ransom demand, as:


— 80% of companies that paid were hit by ransomware a second time,

— with 68% saying the second attack came in less than a month and

— 67% reporting that threat actors demanded a higher ransom amount.



The report further revealed that 54% of companies that prefered to pay a ransom demand in order to regain access to their encrypted systems, reported that some or all of the data was damaged during the recovery process, compared to 46% in 2021 (an increase of 17% year-over-year.)


These findings underline why it does not pay to pay ransomware attackers, and that companies should focus on detection and prevention strategies to fight back ransomware attacks at the earliest stages before critical systems and data are put in jeopardy.


Cybereason CEO and co-founder Lior Div says ransomware attacks are traumatic events, and when ransomware gangs attack a second, third or fourth time in a matter of weeks, it can bring an organisation to its knees. “Deploying effective anti-ransomware solutions is easier said than done, and the hackers know it.”


“After being hit the first time by a ransomware attack, companies need time to assess their security posture, determine what are the right tools to deploy, and then find the budget to pay for it. The ransomware gangs know this and it is the biggest reason they strike again quickly,” he explains.


Key findings include:


  1. A weak supply chain leads to ransomware attacks: Nearly two-thirds (64%) of companies believe the ransomware gang got into their network via one of their suppliers or business partners.


  1. Senior leadership attrition: A total of 35% of companies suffered C-level resignations following a ransomware attack.


  1. A matter of life and death: Nearly 30% of companies said they paid a ransom because of the risk to human life due to system downtime.


  1. Ransom demands increase with each attack: Nearly 70% of companies paid a higher ransom demand the second time.


  1. Ransomware attacks lead to business disruptions: Nearly one-third (31%) of businesses were forced to temporarily or permanently suspend operations following a ransomware attack.


  1. Layoffs result from ransomware attacks: Nearly 40% of companies laid off staff as a result of the attack.


  1. Companies don’t have the right tools: A total of 60% of companies admitted that ransomware gangs were in their network up to six months before they discovered them. This points to the double extortion model, where attackers first steal sensitive data, then threaten to make it public if the ransom demand is not paid.


Source: Cybereason

Related Posts


Если представить Киберпреступность как страну, это была бы третья экономика мира

  К 2025 году киберпреступность будет обходиться в 10,5 триллионов долларов ежегодно.   Если оценивать ее как страну, то киберпреступность, которая в 2021 году нанесла глобальный ущерб на общую сумму 6 триллионов долларов США, была бы третьей по величине экономикой мира после США и Китая.   По данным Cybersecurity Ventures, ожидается, что глобальные расходы на […]

Хакеры ускорились: от публикации информации об уязвимости до начала атак на них проходит около 15 минут

  Согласно исследованию Palo Alto Unit 42 о реагировании на инциденты за 2022 год, хакеры постоянно отслеживают объявления поставщиков программного обеспечения относительно информации о новых уязвимостях. Они оперативно используют ее для первичного доступа к корпоративной сети или для удаленного исполнения кода.     У системных администраторов остается все меньше времени на исправление обнаруженных уязвимостей. В […]


Вот так: 1 из 3 сотрудников не понимает, почему важна кибербезопасность

  Даже хуже — только 39% говорят, что «вероятно» сообщат о киберинциденте.   Новый отчет указывает на отсутствие связи между сотрудниками и усилиями их компании по кибербезопасности.   Согласно новому исследованию Tessian почти каждый третий (30%) сотрудник не считает, что он лично играет роль в поддержке кибербезопасности своей компании.   Кроме того, только 39% сотрудников […]

Добавить комментарий

Ваш адрес email не будет опубликован.