Skip to main content

Majority of ransomware victims are hit with a second attack after paying up

(Image credit: Image source: Shutterstock/Nicescene)

It does not pay to cave in to the demands of ransomware attackers, a new report from cybersecurity firm Cybereason argues.

Polling 1,300 security professionals around the world, the company found that 84 percent of businesses that decided to pay the ransom suffered a second attack. In more than half of cases, they were attacked by the same threat actors that conducted the initial assault.

To make matters worse, even if the attackers decide to return the stolen data, there is no guarantee it will be in good health. Almost half (43 percent) of the victims reported that at least some, if not all, of the data retrieved was corrupted during the recovery process. 

In just over half of cases (51 percent), businesses were asked for anywhere between $350,000 and $1.4 million in ransom. In a handful of cases (four percent), ransom demands exceeded $1.4 million.

Ransomware is considered as one of the most devastating types of attack. Organizations that suffer an attack risk losing business, C-level talent and employees, as well as souring their reputation and brand image, the report claims.

Instead of paying the ransom, businesses should focus on early detection and prevention strategies, Cybereason says.

“Paying a ransom demand does not guarantee a successful recovery, does not prevent the attackers from hitting the victim organization again, and in the end only exacerbates the problem by encouraging more attacks," said Lior Div, CEO and co-founder of Cybereason.

"Getting in front of the threat by adopting a prevention-first strategy for early detection will allow organizations to stop disruptive ransomware before they can hurt the business."

Sead Fadilpašić

Sead is a freelance journalist with more than 15 years of experience in writing various types of content, from blogs, whitepapers, and reviews to ebooks, and many more, across sites including Al Jazeera Balkans, TechRadar Pro, IT Pro Portal, and CryptoNews.