Why ransomware is still so successful: Over a quarter of victims pay the ransom

Organisations are paying an average of $1m to cyber criminals to restore their networks after falling victim to ransomware.
Written by Danny Palmer, Senior Writer

Over a quarter of organisations that fall victim to ransomware attacks opt to pay the ransom, feeling they have no option other than to give in to the demands of cyber criminals – and the average ransom amount is now more than $1 million.

A CrowdStrike study based on responses from thousands of information security professionals and IT decision makers across the globe found that 27 percent said their organisation had paid the ransom after their network was encrypted with ransomware.

While law enforcement agencies say organisations should never give in and pay the ransom, many businesses justify making the payment because getting the decryption key from the attackers is viewed as the quickest and easiest way to restore the network.


However, paying the bitcoin ransom encourages ransomware gangs to keep running campaigns, because it proves they are profitable, and there is also no guarantee that the attackers will actually hand over a working decryption key or that the network will be restored in full.

Infecting networks with ransomware is proving to be highly lucrative for cyber criminals, with figures in the report suggesting the average ransom amount paid per attack is $1.1 million.

In addition to the cost of paying the ransom, it's also likely that an organisation that comes under a ransomware attack will lose revenue because of lost operations during downtime, making falling victim to these campaigns a costly endeavour.

However, falling foul of a ransomware attack does serve as a wake-up call for the majority of victims: over three-quarters of respondents to the survey say that in the wake of a successful ransomware attack their organisation upgraded its security software and infrastructure in order to reduce the risk of future attacks, while two-thirds made changes to their security staff with the same purpose in mind.

It's unclear why almost a quarter of those who fall victim to ransomware attacks don't plan to make any changes to their cybersecurity plans, but by leaving things unchanged they are likely putting themselves at risk of falling victim to future attacks.

That's especially the case during 2020, which has brought additional cybersecurity vulnerabilities to organisations due to the rise of people working from home because of the coronavirus pandemic.

"In a remote-working situation the attack surface has increased many times and security cannot be a secondary business priority," said Zeki Turedi, chief technology officer for EMEA at CrowdStrike.


To avoid falling victim to ransomware attacks, it's recommended that organisations ensure that systems are updated with the latest security patches, which prevents cyber criminals from taking advantage of known vulnerabilities to deliver ransomware.

It's also recommended that two-factor authentication is deployed throughout the organisation, so that in the event of criminal hackers breaching the perimeter, stolen passwords alone are not enough to log in to further systems, making it harder for them to move laterally around the network and compromise more of it with ransomware or any other form of malware.
