Newly published research covering 1,200 organizations impacted by ransomware reveals a sobering truth that awaits many of those who decide to pay the ransom. According to research from data resilience specialists Veeam, some 80% of the organizations surveyed decided to pay the demanded ransom in order to both end the ongoing cyber-attack and recover otherwise lost data. This despite 41% of those organizations having a “do not pay” policy in place. Which only goes to reinforce the cold hard fact that cybercrime isn’t an easy landscape to navigate, something that’s especially true when your business is facing the real-world impact of dealing with a ransomware attack.
The Sobering Truth For 21% Of Ransom Payers
Of the 960 organizations covered in the Veeam 2023 Ransomware Trends Report that paid a ransom, 201 (21%) were still unable to recover their lost data. Perhaps it’s a coincidence, who knows, but the same number also reported that ransomware attacks were now excluded from their insurance policies. Of those organizations with cyber-insurance cover, 74% reported a rise in premiums.
Although I feel bad for those who paid up to no avail, I can’t say I’m surprised. Two years ago, I was reporting the same truth, albeit with larger numbers, when it came to trusting cybercriminals to deliver on their promises. Back then another ransomware report, this time from security vendor Sophos, revealed that 32% of those surveyed opted to pay the ransom, but a shocking 92% failed to recover all their data and 29% were unable to recover more than half of the encrypted data.
The Decision To Pay A Ransom Is Never A Binary One
Of course, as already mentioned, the decision to pay is not and never can be a totally binary one. But, and I cannot emphasise this enough, it is always wrong.
You only have to ask who benefits most from a ransom being paid to understand this. The answer is the cybercriminals, those ransomware actors who are behind the attacks in the first place. Sure, an organization may well argue that it benefits most as it gets the business back up and running in the shortest possible time. I get that, of course I do, but maybe investing those million bucks (sometimes substantially less, or more) in better data security would have been the wiser choice to begin with?
But, they may well argue again, that’s what the cyber-insurance is for: paying out the big bucks if the sticky stuff hits the fan. Sure, but the answer to my original question remains the same: it’s the ransomware actors that are still winning here. They get the payout, which empowers them to continue hunting even more organizations.
Ransomware Has Evolved, But Security Basics Remain The Same
Then there’s the not so small matter of how most ransomware actors no longer just encrypt your data (and often your data backups), if they encrypt anything at all. Some groups have switched to stealing sensitive customer or corporate data instead, with the ransom demanded in return for them not selling it to the highest bidder or publishing it online. Many groups combine the two for a double-whammy ransomware attack. I have even reported on one company that got hit by three successful ransomware attacks, by three different ransomware actors, within the space of just two weeks.
Which brings me back to my point: ensuring your data is properly secured is paramount. Why bother paying a ransom if you don’t fix the holes that let the cybercriminals in to start with?
“Although security and prevention remain important, it’s critical that every organization focuses on how rapidly they can recover by making their organization more resilient,” Danny Allan, chief technology officer at Veeam, said. “We need to focus on effective ransomware preparedness by focusing on the basics, including strong security measures and testing both original data and backups, ensuring survivability of the backup solutions, and ensuring alignment across the backup and cyber teams for a unified stance.”