Skip to main content

Paying ransomware demands could double the cost

(Image credit: Image source: Shutterstock/Martial Red)

Paying ransom fees in exchange for the release of company data following a ransomware attack is not the cheapest way to solve the problem, suggests a new report from cybersecurity firm Sophos.

In fact, according to a poll of 5,000 IT decision-makers, the cost of recovery almost doubles if an organisation opts to pay the ransom.

The report states that, on average, businesses pay $730,000 to fully restart their operations following a ransomware attack. Those that paid ransom fees ended up spending $1.4 million on average to perform the same process.

The reason for the disparity is, at least in part, due to complexity associated with using decryption keys provided by the ransomware operators.

“Often, the attackers may share several keys and using them to restore data may be a complex and time-consuming affair,” explained Chester Wisniewski, Principal Research Scientist at Sophos.

The company claims the public sector is least affected by ransomware, while media, leisure and entertainment businesses were among the most acutely affected.

In the majority of cases (56 percent), IT managers manage to restore operations by using a backup. Meanwhile, one percent of business that paid ransom fees subsequently failed to recover the stolen data.

“An effective backup system that enables organisations to restore encrypted data without paying the attackers is business critical, but there are other important elements to consider if a company is to be truly resilient to ransomware,” added Wisniewski.

“Advanced adversaries like the operators behind the Maze ransomware don’t just encrypt files, they steal data for possible exposure or extortion purposes. Some attackers also attempt to delete or otherwise sabotage backups to make it harder for victims to recover data and increase pressure on them to pay. The way to address these malicious manoeuvres is to keep backups offline, and use effective, multi-layered security solutions that detect and block attacks at different stages.”