For all the cautions against doing so, one-third of organisations in a Proofpoint survey said they paid their attackers after getting infected with ransomware.
Ransomware attacks on organisations are likely to continue unabated in the near term if the results of a new survey by Proofpoint are any indication.
The security vendor recently polled 600 IT security professionals from around the world on trends related to phishing and other email-borne threats.
The results showed that 33% — or nearly 200 of the organisations represented in the survey — paid a ransom last year to get their data back after experiencing a ransomware infection. Another 32% reported being infected with ransomware but refusing to accede to attacker demands for payment.
Sixty-nine percent of the organisations that paid a ransom said they got back access to their data and systems after the first payment. But 22% never regained access to their data after paying the demanded ransom, while 7% got hit with additional demands and ended up walking away empty-handed anyway. Two percent were forced to pay more money to regain access to encrypted systems and data.
Proofpoint said it is unclear what the organisations that didn’t pay a ransom did to recover access to encrypted systems and data or what disruption they might have endured as a result of their refusal to pay.
Results from the Proofpoint survey are another reminder that for all the cautions against doing so, many ransomware victims are willing to pay off their attackers if it means avoiding the disruption, work, and cost involved in restoring data on their own. A September 2019 Dark Reading survey showed a nearly fourfold increase over 2018 — from 4% to 15% — in ransomware victims that paid to get their data back after an infection.
“We regularly observe that cybercriminals target entities that could be highly motivated to pay a ransom,” says Gretel Egan, security awareness training strategist at Proofpoint.
For example, healthcare organisations are a particularly appealing target for ransomware attacks because of the nature of their business, she says. Even those with good data backup systems could be motivated to pay because of the time required to restore ransomware-infected systems. Recent reports have shown how a ransomware attack can force hospitals and medical centres to essentially shut down and turn patients away, Egan says.
“Because of this, a hospital that loses access to critical data and systems may feel it’s to their benefit to pay the ransom and get the servers decrypted and functional instead of exhausting traditional remedies, like restoring from backup,” she notes.
To help keep your organisation safe from ransomware, run your users through cyber security awareness training so they can spot the tell-tale signs of an attack.
With thanks to the Cyber Defence Alliance and DarkReading.com. The full story is here: https://www.darkreading.com/attacks-breaches/to-avoid-disruption-ransomware-victims-continue-to-pay-up/d/d-id/1336863
Free Ransomware Simulator Tool
How vulnerable is your network against ransomware attacks?
Bad guys are constantly coming out with new strains to evade detection. Is your network effective in blocking all of them when employees fall for social engineering attacks?
KnowBe4’s “RanSim” gives you a quick look at the effectiveness of your existing network protection. RanSim will simulate 15 ransomware infection scenarios and 1 cryptomining infection scenario and show you if a workstation is vulnerable.
Here’s how it works:
- 100% harmless simulation of real ransomware and cryptomining infections
- Does not use any of your own files
- Tests 16 types of infection scenarios
- Just download the installer and run it
- Results in a few minutes!
PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/ransomware-simulator-tool-partner?partnerid=001a000001lWEoJAAW