Building a slide deck, pitch, or presentation? Here are the big takeaways:

  • 45% of US companies hit with a ransomware attack paid the hackers, but only 26% of those had their files unlocked. — SentinelOne, 2018
  • The average estimated business cost as a result of a ransomware attack, including ransom, work-loss, and time spent responding, is more than $900,000. — SentinelOne, 2018

Ransomware attacks continue to rise, and organizations that pay the hackers in hopes of unlocking their files often find themselves both out of luck and victims of future attacks, according to a new report from security firm SentinelOne.

Some 45% of US companies hit with ransomware last year paid at least one ransom, according to the report. However, only 26% of those actually had their files unlocked afterwards. Further, organizations that paid the ransom were targeted and attacked again 73% of the time, the report found.

The US Department of Homeland Security discourages companies from paying a ransom, as it encourages the business model, according to our sister site ZDNet. However, tech leaders acknowledge that it is often easier to pay the ransom and get your system back up and running quickly instead of investigating, ZDNet reported.

SEE: Incident response policy (Tech Pro Research)

Some 44% of the 500 enterprise security professionals surveyed for the report said that employees have paid a ransom without the involvement or sanction of IT or security teams. The US is also, on average, paying higher ransoms than any other region in the world, the report found: The average value of ransoms paid by US companies was $57,088, compared to a global average of $49,060.

The average estimated business cost as a result of a ransomware attack–including the ransom, work-loss, and time spent responding–is more than $900,000, the report found. US employees dedicated an average of 44 hours responding to ransomware infections, it added.

As for the root of the attacks, 53% of US organizations that were infected with ransomware last year said they blamed legacy antivirus (AV) protection for failing to prevent the attack, the report found. Nearly seven out of 10 of these companies said they have replaced legacy AV with improved endpoint protection to prevent future ransomware infections, and 96% of those that had been attacked said they were confident that they could prevent future attacks.

“Attackers are continually refining ransomware attacks to bypass legacy AV and to trick unwitting employees into infecting their organization,” Raj Rajamani, vice president of products at SentinelOne, said in a press release. “Paying the ransom isn’t a solution either – attackers are treating paying companies like an ATM, repeating attacks once payment is made.”