84% of firms are hit again after submitting to ransom demands; data corrupted during recovery for 43%

Just days after the UK’s National Cyber Security Centre’s CEO, Lindy Cameron, issued a warning of the serious threat that ransomware presents, a study has found that 84% of companies affected by ransomware went on to experience a second hit after choosing to pay the ransom demand.

According to Cybereason, the firm behind the study, 53% of the time the second attack was at the hands of the same threat actor.

Moreover, of the firms which opted to pay a ransom demand to regain access to their encrypted systems, 43% reported that some or all of the data was corrupted during the recovery process.

Paying ransoms doesn’t pay

The findings underscore that it does not pay to pay ransomware attackers, and that organisations should focus on early detection and prevention strategies.

“Ransomware attacks are a major concern for organisations across the globe, often causing massive business disruptions including the loss of income and valuable human resources as a direct result. In the case of the recent Colonial Pipeline ransomware attack, disruptions were felt up and down the East Coast of the United States and negatively impacted other businesses who are dependent on Colonial’s operations,” said CEO and co-founder of Cybereason, Lior Div. 

“Paying a ransom demand does not guarantee a successful recovery, does not prevent the attackers from hitting the victim organisation again, and in the end only exacerbates the problem by encouraging more attacks.”

“Getting in front of the threat by adopting a prevention-first strategy for early detection will allow organisations to stop disruptive ransomware before they can hurt the business.”

Other key findings included in the full report reveal the extent to which losses to the business may be covered by cyber insurance and how prepared organisations are to address ransomware threats to the business, including:

  • Loss of Business: 47 percent of organisations reported significant loss of business following a ransomware attack. Of these individuals, 61% admitted to losing revenue.
  • Ransom Demands Increasing: 51 percent of businesses that paid a ransom demand shelled out between £250,000 - £1 million, while 4 percent paid ransoms exceeding £1 million.
  • Brand and Reputation Damage: 63 percent of organisations who admitted to losing business indicated that their brand and reputation were damaged as a result of a successful attack.
  • C-Level Talent Loss: 45 percent of organisations who admitted to losing business reported losing C-Level talent as a direct result of ransomware attacks.
  • Employee Layoffs: 31 percent of those who admitted to losing business reported being forced to lay off employees due to financial pressures following a ransomware attack.
  • Business Closures: A startling 34 percent of organisations who admitted to losing business reported that a ransomware attack forced the business to close down operations entirely.