Two-thirds of companies pay ransomware demands: But not everyone gets their data back

Organisations which haven't been ransomware victims say they wouldn't give in to demands, but for those who have been infected, it's a different story.
Written by Danny Palmer, Senior Writer

Ransomware infections like Cerber are becoming an increasing problem for businesses.

Image: Check Point

The majority of organisations which become infected by ransomware will give into the demands of cybercriminals for reasons ranging from the importance of the encrypted data to the perceived low costs of ransom payments.

However, some companies have discovered the hard way that cybercriminals are not to be trusted, with many only paying hackers to unencrypt their files only to find that they never get their data back.

The figures on reactions to ransomware from Trend Micro come following a surge in cyberattacks using the file encrypting malicious software over the last year which has resulted in it becoming the largest threat to cybersecurity, as demonstrated by some cases of Locky infections against high-profile targets.

While three quarters of organisations who haven't been the victim of a ransomware attack say they wouldn't give into the demands of hackers if infected, it seems that those do suffer a ransomware infection change their tune; two thirds of companies which have fallen victim to such an attack have paid up.

It's because companies fear the repercussions of losing the data that those infected have given into ransom demands, with 37 percent of organisations worried about being fined if data became lost - the fact that quietly paying a ransom could mean that the business doesn't need to go public about a breach could also be a factor in this.

Another reason given for doing business with cybercriminals is that the encrypted data is highly confidential, with a third of those who've paid hackers suggesting that this is the reason they gave into ransom demand, while almost as many view the cost of a ransom as low enough to justify paying as a means of avoiding any further issues.

According to the Trend Micro figures unveiled at CloudSec London, the average ransom demanded is £540 ($722) - although the payment is usually requested in Bitcoin - with although 20 percent of organisations reported ransom demands of £1000 ($1338).

For many companies, the figures simply represent a reasonable amount to pay in order to get potentially sensitive data back from hackers - however, this can backfire as if hackers know they can extort money from a particular company, they could repeatedly attack it and demand payments each time.

"When faced with a ransom situation, most organisations simply cannot afford to part with the encrypted data and are forced to fork out the requested amount, often more than once. Caving in to the demands of cyber-extortionists only reassure them of their strategy and perpetuates the threat cycle," says Bharat Mistry, cybersecurity consultant at Trend Micro.

If it wasn't already obvious that cybercriminals aren't exactly trustworthy, Trend Micro's figures suggest that of those companies which paid a ransom to hackers, one in five never got their data back.

There is however a silver lining as of those companies who refused to give into hackers' ransom demands, 60 percent said they were able to retrieve data from back up files, while there are also schemes by security firms which provide decryption keys for certain types of ransomware for free. Meanwhile, in a qauarter of cases, the company deemed the data being held to ransom as not valuable or confidential and thus not worth paying for.

Organisations affected by ransomware estimate they spent 33 hours on average fixing the issues caused by the ransomware infection.

Trend Micro's figures are based on a survey of 305 IT decision makers at organisations with over 1,000 employees in the UK.


Editorial standards