Most organizations hit by ransomware would pay up if hit again

Almost nine in 10 organizations that have suffered a ransomware attack would choose to pay the ransom if hit again, according to a new report, compared with two-thirds of those that have not experienced an attack.

The findings come from a report titled "How business executives perceive ransomware threat" by security company Kaspersky, which states that ransomware has become an ever-present threat, with 64 percent of companies surveyed already having suffered an attack, but more worryingly, that executives seem to believe that paying the ransom is a reliable way of addressing the issue.

The report, available here, is based on research involving 900 respondents across North America, South America, Africa, Russia, Europe, and Asia-Pacific. The respondents were in senior non-IT management roles at companies between 50 and 1,000 employees.

Kaspersky claims that in 88 percent of organizations that have had to deal with a ransomware incident, business leaders said they would choose to pay the money if faced with another attack. In contrast, among those that have not so far suffered a ransomware attack, only 67 percent would be willing to pay, and they would be less inclined to do so immediately.

The report also found that those companies that have been the victim of an attack are also more likely to pay up as early as possible in order to regain access to data, or will pay after just a brief period of time spent attempting to recover their encrypted data.

This willingness for companies to stump up the cash could be attributed to managers having little awareness of how to respond to such threats, according to Kaspersky. Management may also be unprepared for how long it may take to restore data, with some businesses losing more revenue while their data is being recovered than by just paying the ransom.

However, security experts and government agencies strongly recommend that organizations do not pay up for ransomware attacks as this simply validates this kind of activity as a viable business model for criminals. But this does not help much if your organization is affected, as Kaspersky acknowledges.

• Ransomware the final nail in coffin for small university
• Fresh ransomware samples indicate REvil is back
• Malware goes regional as attackers change tactics
• It costs just $7 to rent DCRat to backdoor your network

"Because it's about the business continuity, executives are forced to make tough decisions about paying the ransom. Giving money to criminals is never recommended, though, as this doesn't guarantee that the encrypted data will be returned and it encourages these cybercriminals to do it again," said Kaspersky VP for Corporate Product Marketing Sergey Martsynkyan.

Paying up might also not be enough to save an organization. One university in the US has recently been forced to close down following a ransomware attack, despite paying the ransom and having access to its systems restored.

Kaspersky offers some recommendations to help protect against malware. These include some obvious steps such as keeping software updated to minimize the risk from vulnerabilities, setting up offline backups that the ransomware cannot touch, and deploying security tools for advanced threat discovery and detection.

The security outfit also highlights the No More Ransom website, an initiative by the National High Tech Crime Unit of the Netherlands police, Europol's European Cybercrime Centre, Kaspersky, and McAfee. This offers advice for those affected by ransomware, plus decryption tools that may be able to recover data.

Meanwhile, Kaspersky itself has been the target of suspicions over the company's ownership and possible ties to the Russian government, with the German federal cybersecurity agency recently warning citizens not to install Kaspersky security tools. For its part, Kaspersky maintains that these suspicions are politically motivated and states that it is a private company with no ties to the Russian government. ®