Nearly two-thirds of ransomware victims paid ransoms in 2021: Report

With ransomware attacks growing at an alarming rate, an increasing number of ransomware victims across the globe are paying their attackers hoping to retrieve their data or devices. A new piece of research shows that a whopping 63% of those suffering from ransomware attacks last year ended up compensating the malicious parties responsible for the attacks, even as governments, national authorities and solutions vendors pressured victims to strengthen and update their often outmoded and insufficient cybersecurity provisions. 

The 2022 CyberEdge Group’s annual Cyberthreat Defense Report showed that many of these systems are so far behind the times that they are frequently hit a second or even a third time by the same cybercriminals who, having been paid off and escaping scot-free the first time around, come back to do it repeatedly. 

“These days, being victimised by ransomware is more of a question of ‘when’ than ‘if’. Deciding whether to pay a ransom is not easy. But if you plan ahead and plan carefully, that decision can be made well in advance of a ransomware attack. At the very least, a decision framework should be in place so precious time isn’t wasted as the ransom payment deadline approaches,”Steve Piper, the founder and CEO of CyberEdge, commented. 

The CyberEdge report shows there are three reasons why organisations pay ransoms — the threat that the extortionists will expose and publicise the data they have stolen, the fact that it can be cheaper to pay attackers than spending on proper cybersecurity defences, and an increasing (mis)belief that it is getting easier to recover stolen data.  

Also read: Ransomware attacks on Indian firms tripled in 2021; Maharashtra most-targeted state

But the reality may be very different, as Vishak Raman, Director, Security Business, Cisco India & SAARC said, “While paying the ransom to recover the lost information might look like the easiest alternative, it also means we are aiding the attackers’ business model, which will only lead to more ransomware.” 

According to an October 2021 report by Gartner, on average, only 65% of the data is recovered and only 8% of organisations manage to recover all of their data. While 32% organisations paid additional ransom to get access to data, two out of every 10 companies surveyed never got back their entire data even after repeated payments. 

Even in major ransomware incidents, including Colonial Pipeline that paid a $4.4 million ransom after the company shut down operations, global meat producer JBS paid $11.0 million or global insurance provider CNA Financial paid a reported $40.0 million, none have got back the complete stolen data.  

 What should companies do?  

To help combat these issues, it is recommended that enterprises increase IT security spending, as IT security admins are currently one of the highest in-demand roles along with IT analysts and architects. 

Another actionable way is offering proper training of employees. While it may not be financially feasible for organisations to increase spending in the IT security realm going by the tight budgets, increased training to make current employees more aware of potential threats can save substantially.  

Investing in proper security software, like next-generation firewalls and advanced security analytics may also be the key in preventing organisations from an incoming ransomware attack and could save enterprises significant headaches when thinking about keeping their systems safe. 

Again while some believe cyber insurance to be a valuable tool in the fight against ransomware, Jonas Walker, Security Strategist, Fortinet, APAC, cautioned that in case of a ransomware settlement, the coverage is limited. “It often covers the replacement of damaged computers and possibly fines associated with the loss of personal identifying information. But cyber insurance doesn’t cover the full impact of a cyberattack. In many cases, these losses can significantly exceed the insurance payout,” he said. 

As the massive technological innovations of the past decade — cloud computing, AI, drones, autonomous vehicles — provide new vectors for attack, ransomware attackers are not exiting the game anytime soon. 

According to Prateek Bhajanka, senior principal research analyst at Gartner, Organisations cannot completely prevent ransomware attacks. Companies just have to assume they will be hit, and have plans in place that enable a quick response. The only way forward for organisations is to prevent an infection from occurring in the first place.”  

Stressing on the importance to strengthen backups and also to treat ransomware as a business decision, Bhajanka said, “Everyone from the board and C-suite to line managers must be on the same page and treat security as a continuous endeavour that balances technology with people and processes. In other words, security needs to be cemented into an organisation’s DNA. This will also smooth all actions in the response, including deciding whether or not you should pay.” 

“Communication, advanced preparation, and understanding and then minimising risk is the best way to keep the operation up and running,” he said.