Ransomware: Why paying the crooks can actually cost you more in the long run

One in four organisations are paying crooks to get their data back. But doing so not only costs more, but could come back to haunt you in future.
Written by Danny Palmer, Senior Writer

Ransomware is so dangerous because in many cases the victim doesn't feel they have any option other than to pay up – especially if the alternative is the whole organisation being out of operation for weeks, or even months, as it attempts to rebuild the network from scratch.

But handing over a bitcoin ransom to cyber criminals can actually double the cost of recovery, according to analysis by researchers at Sophos published in the new State of Ransomware 2020 report, which has been released three years to the day from the start of the global WannaCry ransomware outbreak.

A survey of organisations affected by ransomware attacks found that the average total cost of a ransomware attack for organisations that paid the ransom is almost $1.4m, while for those who didn't give in to ransom demands, the average cost is half of that, coming in at $732,000.


Often, this is because retrieving the encryption key from the attackers isn't a simple fix for the mess they created, meaning that not only does the organisation pay out a ransom, they also have additional costs around restoring the network when some portions of it are still locked down after the cyber criminals have taken their money.

According to the report, one in four organisations said they paid the ransom in order to get their files back. It's one of the key reasons why ransomware remains a successful tactic for crooks: victims pay up – often six-figure sums or more – and in doing so encourage cyber criminals to continue with attacks that often can't be traced back to a culprit.

It's even possible the crooks could come back and hit the same organisation, given that they know it doesn't have proper security infrastructure in place – and that the victim has previously paid up.

"It certainly marks you as a victim willing to pay, which could lead to you being targeted again in the future," Chester Wisniewski, principal research scientist at Sophos, told ZDNet.

It's also possible that if paying the ransom becomes public knowledge, it could have a negative impact on the company, potentially hitting the bottom line going forward due to a lack of trust in how it handles security.

"It could also raise concerns with investors about your security and ability to protect regulated data if you have to disclose where that million dollars went," Wisniewski added.

Over half of ransomware victims end up restoring the network from backups, which is a longer process but reduces the overall cost of a ransomware attack – and demonstrates that there's a way for organisations to return to normal operations without the need to give in to the demands of cyber criminals.

However, the best way to avoid falling victim to a ransomware attack – and therefore contemplating the potential need to fund the cyber-criminal ecosystem – is to ensure your network is secure enough that it doesn't become a victim in the first place.


And relatively simple measures like applying patches, ensuring default passwords aren't used and enforcing two-factor authentication can go a long way towards stopping ransomware and other cyberattacks from becoming a problem.

"Most of these attackers are opportunistic. They are picking you out of a list of companies that had your admin phished or left RDP accessible to the internet or forgot to patch your VPN," said Wisniewski.

"The biggest thing you can do as a preventative is to carefully monitor and patch your perimeter and implement two-factor authentication for remote access and administrative functions."
