Two-Fifths of Ransomware Victims Still Paying Up
Two-fifths (39%) of ransomware victims paid their extorters over the past three years, with the majority of these spending at least $100,000, according to new Anomali research.
The security vendor hired The Harris Poll to complete its Cyber Resiliency Survey – interviewing 800 security decision-makers in the US, Canada, the UK, Australia, Singapore, Hong Kong, India, New Zealand, the UAE, Mexico and Brazil.
Some 87% said their organization had been the victim of a successful attack resulting in damage, disruption, or a breach since 2019. However, 83% said they’d experienced more attacks since the start of the pandemic.
Over half (52%) were ransomware victims, with 39% paying up. Of these, 58% gave their attackers between $100,000 and $1m, while 7% handed over more than $1m.
This will have helped increase the total figure for cybercrime losses over the period. In 2019, just 15% of responding organizations reported losses of $500,000 or more, but this figure almost doubled to 28% by the following year. Figures for 2021 weren’t available.
Part of the challenge appears to be the inability of organizations to quickly detect and respond to any suspicious activity on their networks. Less than half (46%) said they strongly agree current solutions can evolve to detect new globally identified threats.
This is borne out in response times: organizations take several days to detect known attacks from adversaries, including cybercrime organizations (3.6 days), individual hackers (3.5 days), APTs (3.3 days) and nation-states (2.9 days), the research claimed.
“We’ve known that cyberattacks have been increasing over the course of the pandemic, but we didn’t know to what degree global enterprises as a whole were being impacted,” said Anomali president Hugh Njemanze.
“This research reveals that adversaries have not only stepped up the number of attacks they have started launching since COVID-19 first struck the world, but have also greatly improved their success rates.”
It will remain frustrating for industry watchers that many organizations are still paying their extorters.
Research has revealed that even those who do so find their stolen data is leaked or monetized by their attackers in any case. A separate study claimed that paying might actually double the cost of recovery.