It’s easy to see why ransomware aimed at businesses is such a cash cow for criminals: for every Norsk Hydro and Fujifilm that refuses to pay the ransom, there is a Colonial Pipeline and JBS USA that pays up millions.
A recent Randori survey that polled 400 security decision-makers across the US confirms that impression: among the companies that were hit by ransomware in the past two years, 47% have paid the ransom.
How many have been hit?
According to the same survey, ransomware struck nearly half of businesses within the past 24 months!
The threat is so ubiquitous that 74% of the polled security leaders said that, in this day and age, ransomware is simply a cost of doing business.
Should ransom payments be prohibited or not? The question is so difficult to answer that even the Institute for Security and Technology’s Ransomware Task Force could not provide a definitive opinion.
What to do before and after you’ve been hit?
While the White House urges private sector organizations to implement a number of defenses against ransomware, most of those already hit by ransomware are already working on it.
87% of decision makers belonging to that group have changed their security strategy and 40% are increasing their spend. According to the survey, companies shifted their strategy to increase focus on prevention (51%), resiliency (48%), visibility (47%), EDR & disast ..