Ransomware victims are paying up. But then the gangs are coming back for more

News and information from the Advent IM team.

Many organisations that fall prey to ransomware attacks end up paying a ransom multiple times as cyber criminals exploit weaknesses in cybersecurity to squeeze their victims for as much cash as they can.

According to analysis by cybersecurity researchers at Proofpoint, 58% of organisations infected with ransomware paid a ransom to cyber criminals for the decryption key – and in many cases, they paid up more than once. Law enforcement agencies and cybersecurity experts warn organisations against paying ransoms: not only is there no guarantee that the supplied decryption key will work, but giving in to ransom demands also encourages more ransomware attacks, as it shows cyber criminals that the attacks work.

Of those who paid the ransom, just over half – 54% – regained access to data and systems after the first payment. But another third of ransomware victims ended up paying an additional ransom demand before they received the decryption key, while a further 10% also received additional ransom demands but refused the additional payment, walking away without their data.

In 4% of cases, organisations paid a ransom or ransoms but still couldn’t retrieve their data, either because of a faulty decryption key, or because the cyber criminals simply took the money and ran.

When organisations fall victim to ransomware attacks, the crooks have often been inside that network for weeks or months prior to the attack. That means that even if the ransom is paid, the hackers have the necessary controls and permissions to return and trigger another attack.

Read via ZDNet
