At a time when a backlash against caving in to ransomware demands is starting to build, a new report finds that among organizations that opted to pay a ransom, a full 80% were attacked again.
The survey of nearly 1,263 security professionals, conducted by Cybereason, a provider of endpoint security tools, also notes that nearly half of respondents (46%) said they believed the second attack was at the hands of the same attackers, while just over a third (34%) said they believed the second attack was perpetrated by someone else.
Regardless of who launched the second attack, it’s clear cybercriminals are taking note amongst themselves of which organizations are an easy ransomware mark.
Adding insult to injury, nearly half of respondents (46%) reported some portion of the data recovered from cybercriminals had been corrupted anyhow.
The fact that cybercriminals can easily make use of cryptocurrencies to anonymously extort funds from organizations has not gone unnoticed in legislative circles. Various proposals have been made to ban cryptocurrencies because they are now routinely employed to fund a broad range of illicit activities.
Before that legislation might go into effect, the survey suggests more organizations are bolstering their ability to thwart a ransomware attack. In the wake of a ransomware attack, the top measures implemented include increased security awareness training (48%), creating a security operations center (SOC), implementing endpoint protection (44%), additional backup and recovery (43%), and email scanning (41%).
The survey finds the amount of ransom being demanded is steadily increasing as well. More than a third of businesses (35%) paid between $350,000-$1.4 million, while 7% paid ransoms exceeding $1.4 million. Two-thirds of organizations (66%) reported a significant loss of revenue following a ransomware attack, with more than half (53%) noting their brand and reputation were damaged as a result of a successful attack.
Just under a third (29%) reported being forced to lay off employees due to financial pressures following a ransomware attack. Nearly a third (32%) reported losing C-Level talent as a direct result of ransomware attacks. Just over a quarter (26%) also had to shut down operations for a period of time.
Despite some recent arrests in the Ukraine, the volume of ransomware attacks doesn’t appear to be about to decline. The summit between President Biden and his Russian counterpart Vladimir Putin appears to have been inconclusive; however, the two countries have renewed a non-binding pledge to not attack each other’s infrastructure. It’s not clear how much direct control Russia may have over the various groups within its borders that are launching ransomware attacks. President Biden reportedly informed Putin there should be some unspecified targets that are off-limits. The Russian government's official stance right now is that these individuals have committed no crime within its borders and there are no agreements to extradite any alleged cybercriminals between the two countries.
It’s not clear just how far the Biden administration is willing to go in an effort to combat a ransomware scourge that is now considered a national crisis. In the meantime, however, organizations should assume that regardless of what the Biden administration does next, being perceived to be aiding and abetting cybercriminals by caving in to ransom demands rather than proactively securing an IT environment is going to have significant additional repercussions that are likely to result in ransom payments becoming prohibitively expensive no matter what the impact an attack is having on the business.
Mike Vizard has covered IT for more than 25 years and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb, and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.