Two-Fifths of Ransomware Victims Still Paying Up
Two-fifths (39%) of ransomware victims paid their extorters over the past three years, with the majority of these spending at least $100,000, according to new Anomali research.
The security vendor hired The Harris Poll to complete its Cyber Resiliency Survey – interviewing 800 security decision-makers in the US, Canada, the UK, Australia, Singapore, Hong Kong, India, New Zealand, the UAE, Mexico and Brazil.
Some 87% said their organization had been the victim of a successful attack resulting in damage, disruption, or a breach since 2019. However, 83% said they’d experienced more attacks since the start of the pandemic.
Over half (52%) were ransomware victims, with 39% paying up. Of these, 58% gave their attackers between $100,000 and $1m, while 7% handed over more than $1m.
This will have helped increase the total figure for cybercrime losses over the period. In 2019, just 15% of responding organizations reported losses of $500,000 or more, but this figure almost doubled to 28% by the following year. Figures for 2021 weren’t available.
Part of the challenge appears to be the inability of organizations to quickly detect and respond to any suspicious activity on their networks. Less than half (46%) said they strongly agree current solutions can evolve to detect new globally identified threats.
This is born out in response times: organizations take several days to detect known attacks from adversaries, including cybercrime organizations (3.6 days), individual hackers (3.5 days), APTs (3.3 days) and nation-states (2.9 days), the research claimed.
“We’ve known that cyberattacks have been increasing over the course of the pandemic, but we didn’t know to what degree global enterprises as a whole were being impacted,” said Anomali president Hugh Njemanze.
“This research reveals that adversaries have not only stepped up the number of attacks they have started launching since COVID-19 first struck the world, but have also greatly improved their success rates.”
It will remain frustrating for industry watchers that many organizations are still paying their extorters.
Research has revealed that even those who do so find their stolen data is leaked or monetized by their attackers in any case. A separate study claimed that paying might actually double the cost of recovery.
More Stories
Friday Squid Blogging: Squid Trackers
A new bioadhesive makes it easier to attach trackers to squid. Note: the article does not discuss squid privacy rights....
How To Teach Your Kids About Deepfakes
Is it real? Is it fake? Deepfake technology has certainly made everything far more complicated online. How do you know...
Alarming Decline in Cybersecurity Job Postings in the US
This drop represents a direct threat to US national cybersecurity infrastructure, said CyberSN representatives in their report Read More
Akira Ransomware Group Rakes in $42m, 250 Organizations Impacted
A joint advisory from Europol and US and Dutch government agencies estimated that Akira made around $42m in ransomware proceeds...
Quishing Attacks Jump Tenfold, Attachment Payloads Halve
The figures come from Egress’s latest report, which also suggests secure email gateways lag behind tech advancements Read More
Russia’s Sandworm Upgraded to APT44 by Google’s Mandiant
Mandiant has confirmed that Sandworm is responsible for many cyber-attacks against Ukraine has close ties with a Russian hacktivist group...