Most Ransomware Victims Are Hit Again After Paying

Some 80% of global organizations that have paid a ransom demand experienced another attack, often at the hands of the same threat actors, according to a new study from Cybereason.



The security vendor polled 1,263 cybersecurity professionals in multiple verticals across the US, UK, Spain, Germany, France, the United Arab Emirates, and Singapore to compile its latest report, Ransomware: The True Cost to Business.



It confirmed what law enforcers and commentators have been saying for some time – victim organizations should, if possible, avoid paying their extorters. Some 46% of respondents, rising to 53% in the UK, said they believe the same threat group attacked them the second time.



However, this can be difficult to ascertain definitively given the large number of affiliate groups working with the same malware strains. A Sophos report this week revealed that no two REvil affiliates work in the same way.



Not only does paying a ransom encourage copycat crimes, but there’s no guarantee of a swift return to business-as-usual. Cybereason found that in nearly half (46%) of cases, the victim organization regained access to data following payment, but some or all of it was corrupted.



The report also laid bare the potentially devastating consequences of a successful ransomware attack. Two-thirds (66%) of respondents said they suffered significant revenue loss, over half (53%) said their brand suffered, and a third (32%) lost leadership through dismissal or resignation.



In some cases, an attack can have an existential impact: 29% said they were forced to eliminate jobs following an incident. A quarter (25%) of respo ..
