Two-Fifths of Ransomware Victims Still Paying Up
Two-fifths (39%) of ransomware victims paid their extorters over the past three years, with the majority of these spending at least $100,000, according to new Anomali research.
The security vendor hired The Harris Poll to complete its Cyber Resiliency Survey – interviewing 800 security decision-makers in the US, Canada, the UK, Australia, Singapore, Hong Kong, India, New Zealand, the UAE, Mexico and Brazil.
Some 87% said their organization had been the victim of a successful attack resulting in damage, disruption, or a breach since 2019. However, 83% said they’d experienced more attacks since the start of the pandemic.
Over half (52%) were ransomware victims, with 39% paying up. Of these, 58% gave their attackers between $100,000 and $1m, while 7% handed over more than $1m.
This will have helped increase the total figure for cybercrime losses over the period. In 2019, just 15% of responding organizations reported losses of $500,000 or more, but this figure almost doubled to 28% by the following year. Figures for 2021 weren’t available.
Part of the challenge appears to be the inability of organizations to quickly detect and respond to any suspicious activity on their networks. Less than half (46%) said they strongly agree current solutions can evolve to detect new globally identified threats.
This is born out in response times: organizations take several days to detect known attacks from adversaries, including cybercrime organizations (3.6 days), individual hackers (3.5 days), APTs (3.3 days) and nation-states (2.9 days), the research claimed.
“We’ve known that cyberattacks have been increasing over the course of the pandemic, but we didn’t know to what degree global enterprises as a whole were being impacted,” said Anomali president Hugh Njemanze.
“This research reveals that adversaries have not only stepped up the number of attacks they have started launching since COVID-19 first struck the world, but have also greatly improved their success rates.”
It will remain frustrating for industry watchers that many organizations are still paying their extorters.
Research has revealed that even those who do so find their stolen data is leaked or monetized by their attackers in any case. A separate study claimed that paying might actually double the cost of recovery.
More Stories
Former RAC Employees Get Suspended Sentence for Data Theft
Two former RAC employees have been handed suspended prison sentences for trading in personal data Read More
Over 240 Million US Breach Victims Recorded in Q3
Supply chain victim numbers surge as more than 240 million US residents are impacted by data breaches in Q3 2024...
Smashing Security podcast #388: Vacuum cleaner voyeur, and pepperoni pact blocks payout
Join us as we delve into the world of unexpected security breaches and legal loopholes, where your robot vacuum cleaner...
Lamborghini Carjackers Lured by $243M Cyberheist
The parents of a 19-year-old Connecticut honors student accused of taking part in a $243 million cryptocurrency heist in August...
Apple’s iPhone Mirroring Flaw Exposes Employee Privacy Risks
The privacy flaw in Apple’s iPhone mirroring feature enables personal apps on an iPhone to be listed in a company’s...
New BeaverTail Malware Targets Job Seekers via Fake Recruiters
New BeaverTail malware targets tech job seekers via fake recruiters on LinkedIn and X Read More