Many businesses would happily pay a ransomware demand in order to retrieve stolen files or data, in spite of law enforcement and cybersecurity experts alike warning against it, new research has found.
A report from Neustar claims that 60% of firms would rather shell out the funds and get on with their lives, instead of fiddling with backup solutions. A fifth would pay as much as 20% of their annual revenue to get their data, and their systems, back.
The threat of ransomware has risen to the point where it is now the top concern across more than a dozen threat vectors – with Neustar finding that over the course of the last two years, IT workers have never been as worried about ransomware as they are today.
Neustar found that several recent high-profile attacks have prompted 80% of cybersecurity pros to place more emphasis on the protection against ransomware threats. Most (74%) consider the current solutions available on the market relatively sufficient in detecting, preventing, and mitigating attacks – with the rest (26%) viewing them as quite insufficient.
Ransomware has evolved from malware that attacks everyone, encrypts all the data on a target device and demands small payments in cryptocurrencies in exchange for the decryption key, into a serious threat that targets specific companies, demands large payments, and threatens not only to lock up the systems permanently, but also to sell or leak sensitive corporate data online.
High-profile attacks
American meat processing firm JBS confirmed it paid $11 million to the REvil ransomware operators a month ago. Colonial Pipeline, which also suffered a major ransomware attack last month, which took its systems offline for almost a week and sent oil prices higher, paid its attackers – the DarkSide gang, $5 million.
Experts have warned against paying a ransom for multiple reasons – primarily that doing so doesn’t guarantee the victim would get its systems, or its data back.
If it does get its data back, it can be incomplete or corrupted. And finally, paying the ransom doesn’t prevent future attacks, and in many cases, the victims suffer another attack soon after the first one, often being from the same malicious actor.