Paying Ransomware Demands Rarely Pays Off

Philip BaderCybersecurityLeave a Comment

Cybersecurity experts and law enforcement agencies have consistently warned against paying ransomware attackers to restore access to encrypted files. In its guidelines on ransomware, the FBI discourages paying a ransom primarily for two reasons: payment doesn’t guarantee that you’ll get your data back, and it encourages more attacks by offering greater incentives for criminal behavior.

Recent data shows there’s a pretty good reason for heeding that advice. Only 8 percent of those who decide to pay a ransom ever get access restored to all of their compromised data, according to the Sophos State of Ransomware 2021 report. The Sophos study is based on survey responses from 5,400 IT decision makers mainly from the IT/technology/telecoms sectors in 30 countries during January and February this year.

Ransomware Is a Growth Industry

The return on investment in paying ransoms might be quite low, but it hasn’t stopped victims across all industrial sectors from paying them anyway. Some 32 percent paid to restore access to their data, up from 26 percent in the previous year, according to Sophos. Victims in the energy, oil and gas, and public utilities sectors are the most likely to submit to ransom demands in an attempt to maintain continuity of service for critical infrastructure.

In fact, cyber criminals are reaping the rewards of their criminal behavior like never before, according to Palo Alto Networks’ Unit 42 Ransomware Threat Report 2021. The average ransom paid by organizations for a decryption key increased from just over $115,000 in 2019 to more than $312,000 in 2020 – a 171 percent spike year-on-year. Last year also saw the highest recorded ransom demand ($30 million) and the highest individual ransom payment ($10 million).

Calculating the Cost

It’s easy to forget that the payment of a ransom is only one factor in the costs associated with ransomware attacks. Others include lost revenue from downtime, payments for forensic analysis and repair, credit monitoring for affected customers, and additional staff hours. The average remediation costs paid so far in 2021 topped $1.85 million, more than double the costs reported by ransomware victims in 2020, according to the Sophos report.

Far harder to estimate is the harm to an organization’s reputation in the wake of a ransomware attack and, more specifically, a data breach. A report by CSO Online found that reputational harm for some companies was substantial but temporary. Target’s retail sales fell 46 percent and its stock dropped 10 percent in 2013 after the breach of 100 million customer records. But the mega-retailer quickly rebounded.

Data breaches in other sectors can have greater consequences for an organization’s reputation and financial bottom line. In healthcare, one of the most frequent targets for ransomware attacks, the breach of protected patient information can incur substantial regulatory fines under the Health Information Portability and Accountability Act (HIPAA). Figures compiled by HIPAA Journal show that fines in 2020 ranged from as little as $3,500 to more than $6.8 million.

Don’t Underestimate Your Risk

Ransomware attacks get more sophisticated each year as technology changes and securing computer networks becomes more difficult. The Sophos report found that 65 percent of survey respondents that did not report a ransomware attack in the last year say they expect to in the future. Some 22 percent admit they have significant gaps in their cybersecurity, with local government and education being the most likely sectors to admit to having weaknesses.

Federal agencies including the FBI and the Cybersecurity and Infrastructure Security Agency agree on several measures to mitigate the risk of a successful attack, including keeping operating systems, software and applications properly updated, using antivirus and anti-malware solutions, regular and frequent offline backups, and developing an effective continuity plan in case of a successful attack.

SecureData has designed its comprehensive data security solutions with these federal guidelines in mind. Our FIPS-validated, hardware-encrypted storage devices keep backed up and portable data safe in transit and at rest. Remote drive management options give IT administrators total control over where, when, and how data can be accessed. For hardened endpoint security, our SecureGuard port-blocking solution protects one of the most common vectors of attack by ransomware and malware.

For more than a decade, SecureData has driven innovation in hardware-encrypted data storage and comprehensive security solutions for critical industrial sectors. Call us at 1-800-520-1677 to learn more about how we can help you implement the right data security strategy.