Ransomware victims paying up and would do so again: Telstra

With half of businesses paying ransoms, the vast majority said they would do so again, according to research by Australian telco Telstra.
Written by Chris Duckett, Contributor

Ransomware writers looking for targets to pay up should start looking in the south-west Pacific, according to the third installment of the Telstra Security Report.

Surveying 1,252 people, of which 40 percent were in Europe, 23 percent from Australia, and 37 percent from elsewhere in Asia-Pacific, the report said approximately half of businesses paid malware ransoms.

See also: Ransomware: An executive guide to one of the biggest menaces on the web

"47 percent of Australian businesses who found themselves victims of ransomware paid the ransom, which was consistent across APAC," the report said. "Some 60 percent of ransomware victims in New Zealand and 55 percent in Indonesia paid the ransom, making it the highest for Asia. In Europe, 41 percent of respondent ransomware victims paid up."

Of those that paid up, 87 percent of Asian businesses got their data back, followed by 86 percent in Australia, and 82 percent in Europe. The report added that in the absence of proper backups, 83 percent of organisations in Australia would pay again, with Europe clocking in at 80 percent, and 76 percent of Asian responders saying they would pay again.

"Our research suggests that ransomware that specifically targets businesses tends to be more sophisticated, with attackers having the ability to release files, typically through central command and control systems, once the amount has been paid," the report said.

(Image: Telstra)

The report added that 29 percent of breaches in Hong Kong organisations were detected years after the incident, or never detected, with Taiwan reporting 25 percent, whereas the global average was 12 percent.

For recovery times, Australia improved to 74 percent of incidents resolved in less than two hours, up from 56 percent the year prior. APAC respondents said 67 percent of incidents were recovered in the same time frame, and 66 percent for European respondents.

"The improvement in response time in Australia is in line with the greater number of organisations putting in place an incident response plan (76 percent vs. 66 percent in 2016) as well as the frequency of which organisations are testing and reviewing their incident response plan," the report said.

As businesses continue shifting to the cloud, the report said the top concerns for businesses are the encryption and protection of data in transit.

Also read: Special report: Cybersecurity in an IoT and mobile world (free PDF)

"The security implications of running applications in these more complex cloud environments is that traffic is also shifting from the north-south direction (typical for perimeter security) to an east-west flow," the report said. "This east-west traffic is effectively able to bypass the perimeter security gateway and is therefore not visible or controlled within the virtual cloud environment.

"Businesses will also have to consider the trade-offs between managing data though private, public, or hybrid clouds. There are limitations on what cloud providers are liable for in the event of a breach that also need to be considered when choosing between platforms."

A report from Malwarebytes released on Monday said ransomware attacks against consumers were massively on the decline, but there had been a small increase in attacks against businesses.

Since the start of the year, an Indiana hospital and the city of Atlanta have both fallen victim to the SamSam class of ransomware.

Last month, researchers were able to infect robots with ransomware.

Related Coverage

Ransomware, cyber-extortion and GDPR: Three security headaches ahead for charities

Ransomware and business email compromise attacks could be 'devastating' for charities, says tech security agency.

GandCrab tries out some new tactics for ransomware

GandCrab is making a Dash for it.

Tempted to invest in SpriteCoin? Don't be - it's ransomware in disguise

Scammers are trying to use the cryptocurrency hype to their advantage.

Too mainstream for criminals, bitcoin is losing its ransomware appeal

Some cybercriminals are already casting their gaze towards a less volatile cryptocurrency.

WhiteRose ransomware attack sends bizarre poetry in ransom note to victims (TechRepublic)

The attack is similar to the Black Ruby, Zenis, and HiddenTear / InfiniteTear ransomware variants and seems to utilize unsecured Remote Desktop services.

Only 26% of US companies that paid ransomware attackers had files unlocked (TechRepublic)

The average estimated business cost of a ransomware attack is more than $900,000, according to a SentinelOne report.

Editorial standards