80 PER CENT OF VICTIMS PAY RANSOM
A recent survey conducted by Forbes has revealed that approximately 80 per cent of ransomware attack victims end up paying the ransom in order to protect their data. This finding highlights the prevalence of ransom payments as a strategy for businesses to regain access to their compromised systems.
According to Mr. Backer, more than 72 per cent of businesses have been affected by ransomware attacks so far in 2023. This represents a significant increase from previous years and is the highest figure reported to date. The rise in ransomware attacks has become a major concern for businesses, with predictions indicating that ransomware will cost victims roughly US$265 billion annually by 2031.
Mr. Flores emphasized the challenging decision-making process that companies face when dealing with ransomware attacks. The pressure to resume operations quickly often leads businesses to opt for paying the ransom in order to receive the decryption tool and minimize downtime. This need for swift recovery plays a key role in the high percentage of victims who choose to pay the ransom.
The willingness of organizations to pay ransoms was further underscored by reports that ride-hailing platform Uber allegedly paid a US$100,000 ransom to hackers in 2019. Similarly, it was mentioned that banks like ICBC may have also paid ransoms, although such information is typically not disclosed to the public due to concerns about reputation and potential encouraging of further attacks.
Dr. Kerrison emphasized that companies’ decision to pay ransoms may not always be driven by the desire to keep the incidents a secret, but rather by the lack of alternative options in difficult circumstances. Mr. Backer further cautioned against blindly accepting the claims made by attackers and advised treating such information with caution.
One of the key factors driving the increase in ransom payments is the rise of the ransomware-as-a-service (RaaS) model. This model has made it more accessible for cybercriminals of varying skill levels to carry out ransomware attacks, ultimately leading to a surge in the number of victims. He Feixiang, an adversary intelligence research lead at Group-IB, emphasized that RaaS allows individuals to easily develop and distribute ransomware, contributing to the growing prevalence of ransom payments.
Moreover, analysts highlighted that the collaboration among ransomware groups, encryption-less attacks, and the availability of cryptocurrency services have facilitated the movements of hackers and increased the number of ransomware cases. These developments have made it easier for hackers to target companies and demand ransoms, ultimately driving up the overall number of ransom cases.
In conclusion, the prevalence of ransom payments among victims of ransomware attacks underscores the significant impact of this cyber threat on businesses. The challenging decision-making process faced by organizations, combined with the factors driving the increase in ransom payments, calls for a proactive approach to cybersecurity to mitigate the risks associated with ransomware attacks.