The true cost of ransomware: 78% saw attackers coming back for more


There are many considerations to keep in mind when deciding whether to pay a ransom to cyberattackers. The latest report by Cybereason reveals that only one in two victims who paid up got their data back uncorrupted, and four out of five were then breached again.

The actual cost of a ransomware attack to a business includes much more than the ransom itself.

After surveying 1,008 IT professionals who had all dealt with a breach at least once in the previous two years, researchers found that 84% chose to pay the ransom, with average payments ranging from $423,000 in the UK to $1.4 million in the US.

However, this doesn’t appear to have been the optimal strategy. Only 47% got their data and services back uncorrupted.

“A staggering 78% were attacked again after paying the ransom – 82% of them within a year. Payment doesn’t equal any future protection!” the Annual Global Study on Ransomware Business Impact by Cybereason reads. “And 63% of these were asked to pay more the second time.”

Every third (36%) subsequent attack was carried out by the same threat actor.

Organizations chose to pay the ransom because of the fear of attackers disclosing sensitive information and losing their reputation and business. For some, it seemed to be the quickest and easiest solution. Others admitted to being hacked over holidays or weekends or being short-staffed.

“It was a matter of life and death,” one of the reasons reads. “We didn’t have backup files.”

Security professionals estimate that in 46% of ransomware cases, business losses amounted to $1-10 million, and 16% estimate losses over $10 million.

“It’s no guarantee that your data and systems will be returned uncorrupted, that attackers won’t sell your data on the black market, or that you won’t be attacked again. And if there’s any evidence that your payment was used to fund terrorism or organized crime, you could find yourself facing criminal charges,” said Greg Day, Global Field CISO, VP at Cybereason.

The report also shows that 41% of bad actors got in via the supply chain, 24% got in directly, and 22% got in with an insider's help.
