9 in 10 ransomware victims will pay if attacked again — Kaspersky

About 88% of organizations that fell victim to ransomware are willing to pay again should another attack happen. This is one of the findings of the new Kaspersky report, “How business executives perceive ransomware threat.”

The figure is much lower (67%) for organizations that have not experienced a ransomware attack. While ransomware remains a prominent threat, with two-thirds (64%) of companies already having suffered an attack, paying ransom seems to be perceived by executives as a reliable way of addressing the issue.

These companies believe that paying the ransom is the quickest way to recover their data (33% of previously attacked companies versus 15% of companies that have never been victimized), or are willing to pay after only a couple of days of unsuccessful decryption attempts (30% vs. 19%).

The persistent threat of ransomware should have put organizations and business leaders on high alert whether they are already victims or not.

APT groups

“Ransomware has become a serious threat to corporations with new samples regularly emerging and APT groups using it in advanced attacks,” said Sergey Martsynkyan, VP, Corporate Product Marketing at Kaspersky, in a media release. “Even an accidental infection can cause problems for a company. And because it’s about the business’ continuity, executives are forced to make tough decisions about paying the ransom.”

Ransomware remains a real threat to cybersecurity. The report notes that two-thirds (64%) of companies confirm they have experienced this type of incident and 66% anticipate that an attack on their business will happen at some stage, viewing it as more likely than other common attack types, such as DDoS, supply-chain, APT, cryptomining or cyber-espionage.

“Giving money to criminals is never recommended though, as this doesn’t guarantee that the encrypted data will be returned and it encourages these cybercriminals to do it again,” Martsynkyan said.

Kaspersky recommends the following steps to enhance protection against ransomware:

  • Always keep software updated on all your devices to prevent attackers from exploiting vulnerabilities and infiltrating your network.
  • Focus your defense strategy on detecting lateral movements and data exfiltration to the internet. Pay special attention to outgoing traffic to detect cybercriminals’ connections to your network.
  • Set up offline backups that intruders won’t be able to tamper with. Make sure you can quickly access them in the event of an emergency.
  • Enable ransomware protection for all endpoints. Kaspersky Anti-Ransomware Tool for Business is a free tool that shields computers and servers from ransomware, along with other types of malware, preventing exploits. It is compatible with already installed security solutions.
  • If you’re an enterprise company, use anti-APT and EDR solutions for advanced threat discovery and detection, investigation and timely remediation of incidents, and access to the latest threat intelligence. Use an MDR provider to help effectively hunt advanced ransomware attacks. All of this is available with Kaspersky Expert Security.
  • If you become a victim, never pay the ransom. It won’t guarantee you get your data back but it will encourage criminals to continue their business. Instead, report the incident to your local law enforcement agency.