Ransomware illegal Sales
James Chavis
IT Executive / Cybersecurity / Project Management / Threat Mitigation / Training / Business Automation / IT Strategy
According to Sophos, the average ransom paid by businesses last year was just over $170,000, and the most common payment was $10,000. But how many victims actually pay up? Accurate figures are hard to get, because (understandably) most businesses try not to advertise the fact that they have given in to extortion. But if recent research from the UK is representative of what is happening globally, around half of businesses do actually pay.
It is easy to see why some businesses go down this route. Meeting the extortionist's demands might seem like the quickest, easiest, and least costly way to get back to normal.
But on the cost side, bear in mind the following:
- 92% of organizations who pay a ransom do not get all of their data back. On average, they recover just 65% of it.
- There is a real risk of getting nothing back at all. The attacker might simply disappear without supplying a decryption key, or the key or decryptor may be flawed, leaving some or all of your files inaccessible.
- Even if system access is regained, paying does nothing to undo the data theft. Sensitive data (e.g. customer account details) may already have been exfiltrated and be out in the wild, so you will still need to treat the incident as a breach and notify affected customers.
The FBI and other law enforcement agencies advise against paying a ransom in the strongest possible terms. Paying does not usually make the clean-up costs go away: it just means you are handing a five-figure sum (or more) to a criminal on top of those costs. Renaissance Systems advises against giving in to ransomware attackers. A payment may resolve your first attack, but it marks you as a target that pays, and it will likely not be your last.