More and more organizations are paying the ransom. Why?
Most organizations (71%) were hit by ransomware in 2022, and most of them (63%) chose to pay the demanded ransom, according to the Cyberthreat Defense Report (CDR) 2022 from CyberEdge Group.
The research firm indicates that possible explanations for the steady annual increase in the percentage of organizations that decided to pay the ransom may include: the threat of exposing exfiltrated data, increased confidence in data recovery, and the fact that many organizations find paying a ransom to be significantly less costly than system downtime, customer disruption, and potential lawsuits.
“72% of victims who paid a ransom recovered their data [in 2021], up from 49% in 2017. This increased confidence for successful data recovery is often factored into the decision to pay a ransom,” the company noted.
Similarly, BakerHostetler’s 2022 Data Security Incident Response Report states that in the ransomware incidents the US law firm was called upon to handle in 2021, ransomware groups provided decryptors and kept their promise not to publish stolen data 97% of the time.
“Ransomware gangs have noted that when they are diligent in helping victims recover their data, other victims are more likely to pay ransoms, which increases gang profits and creates greater incentive to launch more campaigns,” CyberEdge Group noted.
Longer negotiations lead to smaller payouts
“Top customer requests this year included assistance with the ‘pay-no-pay’ ransomware decision tree, OFAC compliance, and ransomware playbooks,” shared Ted Kobus, group president, digital asset and data management at BakerHostetler.
Recent figures provided by Palo Alto Networks and Coveware show that the average amount organizations pay to recover their data has increased significantly: Coveware reports $322,168 (as of Q4 2021) and PAN reports $541,010 (for all of 2021, for cases handled by its Unit 42 consultants).
BakerHostetler’s report, which is based on incidents handled by the law firm in 2021, shows a similar picture, but indicates that the average ransom demand paid in 2021 ($511,957) is about two-thirds of the average amount paid in 2020; that is, it has decreased.
“Over the same period, the median time between demand and payment was eight days compared to five days in 2020. This is likely a driving factor in the decrease in the average ransom demand paid,” the US law firm pointed out.
“More organizations have invested in improving their data backup capabilities and are able to continue at least partial operations after a ransomware incident, putting them in a better position to negotiate for a longer period and get a bigger discount on the ransom demand, if the need to pay arises. Additionally, if a decryption tool is not needed and an organization only pays to prevent further disclosure of their data, it can often take longer to negotiate the request, which can result in a larger discount. Developing business continuity protocols and identifying workarounds for critical business operations – before an incident – is essential to put organizations in the strongest position if they experience a ransomware incident.”
The BakerHostetler report also states that:
- Ransomware accounted for 37% of files processed in 2021 (compared to 27% in 2020).
- Data exfiltration is the “new normal” for ransomware attacks.
- Companies have improved their ability to restore from backups.
- Payments for a decryptor are more expensive than paying just to prevent disclosure.