To Avoid Disruption, Ransomware Victims Continue to Pay Up

For all the cautions against doing so, one-third of organizations in a Proofpoint survey said they paid their attackers after getting infected with ransomware.

Ransomware attacks on organizations are likely to continue unabated in the near term if the results of a new survey by Proofpoint are any indication.
The security vendor recently polled 600 IT security professionals from around the world on trends related to phishing and other email-borne threats.
The results showed that 33% — or nearly 200 of the organizations represented in the survey — paid a ransom last year to get their data back after experiencing a ransomware infection. Another 32% reported being infected with ransomware but refusing to accede to attacker demands for payment.
Sixty-nine percent of the organizations that paid a ransom said they got back access to their data and systems after the first payment. But 22% never regained access to their data after paying the demanded ransom, while 7% got hit with additional demands and ended up walking away empty-handed anyway. Two percent were forced to pay more money to regain access to encrypted systems and data.
Proofpoint said it is unclear what the organizations that didnt pay a ransom did to recover access to encrypted systems and data or what disruption they might have endured as a result of their refusal to pay.
Results from the Proofpoint survey are another reminder that for all the cautions against doing so, many ransomware victims are willing to pay off their attackers if it means avoiding the disruption, work, and cost involved in restoring data on their own. A September 2019
Dark Reading survey
showed a nearly fourfold increase over 2018 — from 4% to 15% — in ransomware victims that paid to get their data back after an infection.
We regularly observe that cybercriminals target entities that could be highly motivated to pay a ransom, says Gretel Egan, security awareness training strategist at Proofpoint.
For example, healthcare organizations are a particularly appealing target for ransomware attacks because of the nature of their business, she says. Even those with good data backup systems could be motivated to pay because of the time required to restore ransomware-infected systems. Recent reports have shown how a ransomware attack can force hospitals and medical centers to essentially shut down and turn patients away, Egan says.
Because of this, a hospital that loses access to critical data and systems may feel its to their benefit to pay the ransom and get the servers decrypted and functional instead of exhausting traditional remedies, like restoring from backup, she notes.
Going Against Advice
The
survey results
are likely to dismay many security experts who say that paying ransoms is only going to encourage more attacks. Over the past 18 months or so, threat actors have shifted from mass-volume spray-and-pray attacks on consumers to more targeted and carefully planned ransomware campaigns against businesses, government, and public-sector entities. Municipal entities, in particular, have been targeted heavily.
According to security vendor
Kasperksy
, there were at least 174 municipal institutions and more than 3,000 affiliated organizations targeted in ransomware attacks in 2019. The average ransom demands in these attacks tended to range from around $1 million to over $5.3 million. Scores of
school districts and colleges
were also targeted in ransomware attacks last year.
Most victims refused to pay. In July, for example, some 1,400 mayors from around the country committed to not paying a ransom in case they were attacked. Cities and municipalities that refused to pay ended up spending millions of dollars and multiple weeks to recover access to locked up data. The attacks also crippled city services and forced many to resort to manual operation for days. Some victims — like the
City of Riviera
in Florida — paid their attackers to regain access to locked-up data.
For enterprise organizations, it is not just the volume of ransomware attacks that is a concern, but also their growing sophistication. These days many ransomware attacks are multiphased in nature, with attackers first breaking into a target network and lurking around for some time to identify the most high-value systems before striking. Threat actors are increasingly attacking backup systems, threatening public disclosure of corporate data, and generally making recovery much harder for victims in order to force them to pay.
Weve observed cybercriminals often launching quieter primary infections via targeted emails with banking Trojans, downloaders, etc., that can potentially sit on infected machines for extended periods collecting data, Egan says. In many cases, once a cybercriminal gains a foothold into a corporate network this way, that person then uses the network as a platform to launch incredibly targeted secondary attacks, she says.
For organizations, the trend highlights the need for a more people-centric security focus. As widespread, critical technical vulnerabilities become increasingly rare and therefore more expensive to acquire and use, cybercriminals have shifted their efforts to target individuals through email and social engineering, Egan says.
Related Content:
Ransomware Situation Goes From Bad to Worse
US Mayors Commit to Just Saying No to Ransomware
8 Head-Turning Ransomware Attacks to Hit City Governments
5 Security Resolutions to Prevent a Ransomware Attack in 2020
Check out
The Edge
, Dark Readings new section for features, threat data, and in-depth perspectives. Todays top story:
The Y2K Boomerang: InfoSec Lessons Learned from a New Date-Fix Problem
.

Last News
▸ Black Hat USA 2013, talk on NAND & Windows 8 Secure Boot hacking. ◂ Discovered: 26/12/2024 Category: security	▸ Security Talk: 7 Ways To Grab Users Attention ◂ Discovered: 26/12/2024 Category: security	▸ Gartner: Secure Mobile Users Early ◂ Discovered: 26/12/2024 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
To Avoid Disruption, Ransomware Victims Continue to Pay Up