Ransomware: How Many Businesses Pay?

A recent survey found that 83% of the ransomware victims surveyed had paid the ransom to their attackers, concluding that they had no other choice.

Cybersecurity company ThycoticCentrify surveyed 300 US-based IT decision makers as part of its 2021 “State of Ransomware Survey & Report”, which included some shocking numbers with regard to ransomware attacks. The survey discovered that a whopping 64% had been the victims of a ransomware attack in the last year, and that 83% had paid the ransom that their attackers demanded. The most common infection routes were found to be email (53%), applications (41%) and the cloud (38%). The survey also found that businesses are getting better equipped to combat ransomware, implementing measures like regular backups of data, regular software updates, and enforcing password best practices.

While some of the data in the report are worrying, it’s not a surprise that so many businesses are coughing up ransom payments; organisations such as Colonial Pipeline and JBS have been open about paying. Cybersecurity experts recommend not paying ransoms, as it can act as an incentive to cybercriminals. However, some business leaders have argued that if the economics are in favour of paying the ransom, then it could be the right move for an organisation. That said, it’s far from a guarantee that paying a ransom will result in the decryption key being handed over.

Ransomware is a growing threat to organisations of all sizes, although cybercriminals are increasingly targeting larger businesses in the hope of securing a much higher ransom. ThycoticCentrify’s report also found that organisations are spending more money on combatting ransomware; 93% of those surveyed said they were budgeting specifically to fight against ransomware. This is no surprise, as 50% reported experiencing loss of revenue from a ransomware attack, while 42% said they had lost customers as a result of an attack.