A concerning number of ransomware victims have paid their attackers to retrieve their data or devices, according to CyberEdge Group’s annual Cyberthreat Defense Report. The 2022 edition features a survey of 1,200 IT security professionals and found that a whopping 63% of those suffering from ransomware attacks last year ended up compensating the malicious parties responsible for the attacks.
“These days, being victimized by ransomware is more of a question of ‘when’ than ‘if,’” said Steve Piper, founder and CEO of CyberEdge Group. “Deciding whether to pay a ransom is not easy. But if you plan ahead, and plan carefully, that decision can be made well in advance of a ransomware attack. At the very least, a decision framework should be in place so precious time isn’t wasted as the ransom payment deadline approaches.”
Reasons for funding ransomware
According to the Cyberthreat Defense Report, 71% of organizations were impacted by successful ransomware attack attempts last year, an increase of 55% from four years prior (2017).
CyberEdge found three potential reasons for companies to pay off those attacking them via ransomware:
- Threat of exposing exfiltrated data
- Lower cost of recovery
- Increased confidence for data recovery
To the first point, several factors could explain why companies would not want their private data made public. For one, a loss of intellectual property could give competitors in the industry a free peek behind the curtain of the business, allowing the field to adopt ideas from the victim company. Another reason laid out by the report is the potential for embarrassment for the vulnerable company if sensitive information were made widely available for viewing. This is one reason many companies opt to pay the ransom to avoid potential hassle.
The cost of recovering lost data is typically cheaper and less time-consuming than haggling with ransomware groups, the study found. To avoid system downtime, customer disruptions and potential lawsuits, the victimized company would simply prefer to pay the requested ransom and avoid a lengthy service blackout and the fallout that typically stems from these processes.
Finally, the survey found that companies had a more successful time recovering data when the ransom was paid. Respondents said that 72% of the time after suffering an attack, ransom-paying victims were able to recover their data. Largely, all three motives for paying off those holding information or devices hostage were driven by convenience.
Potential solutions for future attacks
A portion of the report found that lack of skilled personnel was a major factor in failing to protect organizations from ransomware attacks, due to the Great Resignation. Another circumstance businesses are dealing with is low security awareness among employees, a problem that has been felt over the last three years. Both issues could be construed as compounding problems, as organizations may be more concerned with finding employees to fill these highly important roles, leading to training falling lower on a business's priority list.
The strain put on existing employees due to lack of personnel and inadequate training due to the COVID-19 pandemic layoffs and Great Resignation cannot be underestimated. Many workers are trying to cover a large swath of security protocols while dealing with understaffing, leading to gaps in cyber threat defenses, according to the report. Additionally, being forced to work off site has led to a number of issues, namely having sufficient resources to work remotely while managing teams or systems that are on-premises.
To help combat these issues, it is recommended that enterprises increase IT security spending, as IT security admins are currently among the most in-demand roles, along with IT analysts and architects. One more actionable way companies can work past the security issues that are cropping up is through proper training of employees. While it may not be financially feasible for organizations to increase spending in the security realm because of roadblocks such as budgets, increased training to make current employees more aware of potential threats can be a time and money saver when it comes to attacks.
Investing in proper security software is one of the other methods brought forth by the report, as tech like next-generation firewalls and advanced security analytics may be key to protecting organizations from an incoming ransomware attack and could save enterprises significant headaches when thinking about keeping their systems safe.