Is it worth paying the ransom in response to a ransomware attack? The short answer is no, according to the Ransomware: The True Cost to Business Study 2022 by cybersecurity firm Cybereason.
The majority of organisations in Singapore that paid the first ransom demand were hit again in less than a month (88%), with nearly two-thirds (62%) stating that threat actors demanded a higher ransom the second time.
Forty-five percent of those who opted to pay a ransom demand in order to regain access to their encrypted systems also had some or all of their data corrupted during the recovery process.
“When ransomware gangs attack a second, third or fourth time in a matter of weeks, it can bring an organisation to its collective knees. Deploying effective anti-ransomware solutions is easier said than done, and the hackers know it,” says Eric Nagel, general manager for APAC at Cybereason.
He adds: “After being hit the first time by a ransomware attack, organisations need time to assess their security posture, determine what are the right tools to deploy, and then find the budget to pay for it. The ransomware gangs know this, and it is the biggest reason they strike again quickly.”
The study also found that 63% of Singapore respondents believe ransomware gangs got into their network via one of their suppliers or business partners.
More importantly, over 90% admitted that ransomware gangs were in their network up to six months before they discovered them. This points to the double extortion model where attackers first steal sensitive data before threatening to make it public if the ransom demand is not paid.
Apart from business disruptions, ransomware attacks have also led to C-level resignations (40%) and staff layoffs (20%).
These findings underscore why it does not pay to pay ransomware attackers, and that organisations should instead focus on detection and prevention strategies to end ransomware attacks at the earliest stages before critical systems and data are put in jeopardy.