It's no secret that ransomware attacks have spread like wildfire through enterprises since 2016. However, this marks the first year that the majority of company executives—53%—reported paying a hacker's ransom following an attack, in attempts to unlock critical business files, according to a Tuesday report from Radware.
This figure comes as 69% of executives said that their company faced a ransom attack in the past year—up from 14% in 2016, the report found. Some 66% of the 200 executives surveyed worldwide said they are not confident in their network security, and admit that their networks are penetrable by hackers.
Beyond the ransom payment—which, along with work loss and response time, can end up costing organizations more than $900,000 on average—organizations are facing other consequences in the aftermath of cyberattacks. Some 41% of executives said their organization faced legal action from customers following a security breach, while 34% reported brand reputation loss.
Paying the ransom may seem like the easiest way out of a difficult situation, as hackers target critical files and business-critical systems. However, paying up can signal that a business is an easy target, and may lead to another attack in the future, security experts warn.
The FBI does not recommend businesses pay the ransom in attempts to unlock their files, according to its Internet Crime Complaint Center's Internet Crime Report. "Paying a ransom does not guarantee an organization will regain access to their data; in fact, some individuals or organizations were never provided with decryption keys after having paid a ransom," the report stated. "Paying a ransom emboldens the adversary to target other organizations for profit, and provides for a lucrative environment for other criminals to become involved." Indeed, another recent report found that only 26% of US companies that paid ransomware attackers actually had their files unlocked.
Instead, companies that become victims should report the incident to their local FBI field office immediately, the FBI report noted.
"A ransom payment may make the problem go away for now, but these types of responses won't drive a business forward," Anna Convery-Pelletier, chief marketing officer at Radware, said in a press release. "A reactionary security strategy limits an organization's ability to secure customer data, protect their brand's reputation, and achieve business goals. Investing in appropriate security solutions is no longer simply an IT expense, it is fundamental to a business' long term success."
Any time a company pays the ransom, an attacker wins. However, the exact number of those who are paying up may be in question: Another report out on Tuesday claimed that only 12% of companies were now paying the ransom.
To avoid having to pay a ransom, companies should back up all files daily, and keep all software up to date.
Building a slide deck, pitch, or presentation? Here are the big takeaways:
- 69% of executives said that their company faced a ransomware attack in the past year, up from 14% in 2016. — Radware, 2018
- 53% of executives reported paying a hacker's ransom following a cyberattack. — Radware, 2018
Alison DeNisco Rayome has nothing to disclose. She does not hold investments in the technology companies she covers.
Alison DeNisco Rayome is a Senior Editor for TechRepublic. She covers CXO, cybersecurity, and the convergence of tech and the workplace.