Most organizations hit by ransomware would pay up if hit again

Nine out of ten organizations would do it all over again, keeping attackers in business

Almost nine in 10 organizations that have suffered a ransomware attack would choose to pay the ransom if hit again, according to a new report, compared with two-thirds of those that have not experienced an attack.

The findings come from a report titled "How business executives perceive ransomware threat" by security company Kaspersky, which states that ransomware has become an ever-present threat, with 64 percent of companies surveyed already having suffered an attack, but more worryingly, that executives seem to believe that paying the ransom is a reliable way of addressing the issue.

The report, available here, is based on research involving 900 respondents across North America, South America, Africa, Russia, Europe, and Asia-Pacific. The respondents were in senior non-IT management roles at companies between 50 and 1,000 employees.

Kaspersky claims that in 88 percent of organizations that have had to deal with a ransomware incident, business leaders said they would choose to pay the money if faced with another attack. In contrast, among those that have not so far suffered a ransomware attack, only 67 percent would be willing to pay, and they would be less inclined to do so immediately.

The report also found that those companies that have been the victim of an attack are also more likely to pay up as early as possible in order to regain access to data, or will pay after just a brief period of time spent attempting to recover their encrypted data.

This willingness for companies to stump up the cash could be attributed to managers having little awareness of how to respond to such threats, according to Kaspersky. Management may also be unprepared for how long it may take to restore data, with some businesses losing more revenue while their data is being recovered than by just paying the ransom.

However, security experts and government agencies strongly recommend that organizations do not pay up for ransomware attacks as this simply validates this kind of activity as a viable business model for criminals. But this does not help much if your organization is affected, as Kaspersky acknowledges.

"Because it's about the business continuity, executives are forced to make tough decisions about paying the ransom. Giving money to criminals is never recommended, though, as this doesn't guarantee that the encrypted data will be returned and it encourages these cybercriminals to do it again," said Kaspersky VP for Corporate Product Marketing Sergey Martsynkyan.

Paying up might also not be enough to save an organization. One university in the US has recently been forced to close down following a ransomware attack, despite paying the ransom and having access to its systems restored.

Kaspersky offers some recommendations to help protect against malware. These include some obvious steps such as keeping software updated to minimize the risk from vulnerabilities, setting up offline backups that the ransomware cannot touch, and deploying security tools for advanced threat discovery and detection.

Cyber insurance model is broken, consider banning ransomware payments, says think tank


The security outfit also highlights the No More Ransom website, an initiative by the National High Tech Crime Unit of the Netherlands police, Europol's European Cybercrime Centre, Kaspersky, and McAfee. This offers advice for those affected by ransomware, plus decryption tools that may be able to recover data.

Meanwhile, Kaspersky itself has been the target of suspicions over the company's ownership and possible ties to the Russian government, with the German federal cybersecurity agency recently warning citizens not to install Kaspersky security tools. For its part, Kaspersky maintains that these suspicions are politically motivated and states that it is a private company with no ties to the Russian government. ®

Broader topics

Other stories you might like

  • Stolen university credentials up for sale by Russian crooks, FBI warns
    Forget dark-web souks, thousands of these are already being traded on public bazaars

    Russian crooks are selling network credentials and virtual private network access for a "multitude" of US universities and colleges on criminal marketplaces, according to the FBI.

    According to a warning issued on Thursday, these stolen credentials sell for thousands of dollars on both dark web and public internet forums, and could lead to subsequent cyberattacks against individual employees or the schools themselves.

    "The exposure of usernames and passwords can lead to brute force credential stuffing computer network attacks, whereby attackers attempt logins across various internet sites or exploit them for subsequent cyber attacks as criminal actors take advantage of users recycling the same credentials across multiple accounts, internet sites, and services," the Feds' alert [PDF] said.

    Continue reading
  • Big Tech loves talking up privacy – while trying to kill privacy legislation
    Study claims Amazon, Apple, Google, Meta, Microsoft work to derail data rules

    Amazon, Apple, Google, Meta, and Microsoft often support privacy in public statements, but behind the scenes they've been working through some common organizations to weaken or kill privacy legislation in US states.

    That's according to a report this week from news non-profit The Markup, which said the corporations hire lobbyists from the same few groups and law firms to defang or drown state privacy bills.

    The report examined 31 states when state legislatures were considering privacy legislation and identified 445 lobbyists and lobbying firms working on behalf of Amazon, Apple, Google, Meta, and Microsoft, along with industry groups like TechNet and the State Privacy and Security Coalition.

    Continue reading
  • SEC probes Musk for not properly disclosing Twitter stake
    Meanwhile, social network's board rejects resignation of one its directors

    America's financial watchdog is investigating whether Elon Musk adequately disclosed his purchase of Twitter shares last month, just as his bid to take over the social media company hangs in the balance. 

    A letter [PDF] from the SEC addressed to the tech billionaire said he "[did] not appear" to have filed the proper form detailing his 9.2 percent stake in Twitter "required 10 days from the date of acquisition," and asked him to provide more information. Musk's shares made him one of Twitter's largest shareholders. The letter is dated April 4, and was shared this week by the regulator.

    Musk quickly moved to try and buy the whole company outright in a deal initially worth over $44 billion. Musk sold a chunk of his shares in Tesla worth $8.4 billion and bagged another $7.14 billion from investors to help finance the $21 billion he promised to put forward for the deal. The remaining $25.5 billion bill was secured via debt financing by Morgan Stanley, Bank of America, Barclays, and others. But the takeover is not going smoothly.

    Continue reading

Biting the hand that feeds IT © 1998–2022