Companies continue to pay multiple ransom demands

Issue 3 2022 News, Cyber Security

Cybereason has published the results of its second annual ransomware study, during a year of unprecedented attacks, to better understand the true impact on businesses. This global study reveals that 73% of companies suffered at least one ransomware attack in 2022, compared with just 55% in the 2021 study.

The study once again finds that ‘it doesn’t pay-to-pay’ a ransom demand, as 80% of companies that paid were hit by ransomware a second time, with 68% saying the second attack came in less than a month and 67% reporting that threat actors demanded a higher ransom amount.

The report, titled Ransomware: The True Cost to Business Study 2022, further revealed that of the companies who opted to pay a ransom demand in order to regain access to their encrypted systems, 54% reported that some or all of the data was corrupted during the recovery process, compared to 46% in 2021, an increase of 17% year-on-year.

These findings underscore why it does not pay to pay ransomware attackers, and that companies should focus on detection and prevention strategies to end ransomware attacks at the earliest stages before critical systems and data are put in jeopardy.


Lior Div.

Cybereason CEO and co-founder, Lior Div, says ransomware attacks are traumatic events, and when ransomware gangs attack a second, third or fourth time in a matter of weeks, it can bring an organisation to its collective knees. “Deploying effective anti-ransomware solutions is easier said than done, and the hackers know it.

“After being hit the first time by a ransomware attack, companies need time to assess their security posture, determine what are the right tools to deploy, and then find the budget to pay for it. The ransomware gangs know this, and it is the biggest reason they quickly strike again,” he explains.

Key findings in the research include:

• A weak supply chain leads to ransomware attacks: Nearly two-thirds (64%) of companies believe the ransomware gang got into their network via one of their suppliers or business partners.

• Senior leadership attrition: 35% of companies suffered C-level resignations following a ransomware attack.

• A matter of life and death: Nearly 30% of companies said they paid a ransom because of the risk to human life due to system downtime.

• Ransom demands increase with each attack: Nearly 70% of companies paid a higher ransom demand the second time.

• Ransomware attacks lead to business disruptions: Nearly one-third (31%) of businesses were forced to temporarily or permanently suspend operations following a ransomware attack.

• Layoffs result from ransomware attacks: Nearly 40% of companies laid off staff as a result of the attack.

• Companies don’t have the right tools: 60% of companies admitted that ransomware gangs were in their network up to six months before they discovered them. This points to the double extortion model where attackers first steal sensitive data then threaten to make it public if the ransom demand is not paid.

The full report can be found at https://www.cybereason.com/ransomware-the-true-cost-to-business-2022




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

IziCash awarded membership by CIT Association of SA
News
IziCash Solutions, a provider of cash logistics and cash management services to the retail and banking sector, has become a member of CITASA, the Cash-In-Transit Association of South Africa.

Read more...
22 TB hard drives from WD
News
Western Digital extends HDD technology and areal density leadership across smart video, network attached storage (NAS) and IT/data centre channel segments.

Read more...
Be aware of privacy and cybercrimes issues
Security Services & Risk Management Cyber Security Retail (Industry)
Artificial intelligence (AI) is being deployed to help shoppers make better choices, but retailers must be aware of their obligations under personal privacy and cybercrimes laws.

Read more...
From the editor's desk: Maybe I’m too old?
Technews Publishing News
There are many companies these days touting their ability to securely authenticate people via mobile devices (or selfies), claiming that it is secure and easy. Some banks are even allowing people to ...

Read more...
ADI Expo Limited Edition 2022
ADI Global Distribution News
ADI South Africa, with its leading suppliers from across the video, intrusion and access control industries, is once again hosting its annual ADI Expo in September.

Read more...
Hikvision integration with Page Automation
Hikvision South Africa News
Hikvision has announced the integration of its MinMoe Face Recognition terminals and its Hik-ProConnect online device and service management platform with Page Automation’s SmarTTime software.

Read more...
ESDA’s annual charity fundraiser
ESDA (Electronic Security Distributors Association News Conferences & Events Associations
The ESDA Annual Charity Fundraiser, part of the Electronic Security Distributors Association’s Golf Day, will take place at Benoni Lake Golf Course on Wednesday, 21 September 2022.

Read more...
Gallagher launches Tech Talk
Gallagher News Access Control & Identity Management Perimeter Security, Alarms & Intruder Detection
Gallagher has announced the launch of its new Security in Focus podcast series called Tech Talk, hosted by chief technology officer Steve Bell.

Read more...
IDEMIA and Ideco demonstrate their value stacks
Technews Publishing Ideco Biometrics IDEMIA Conferences & Events Access Control & Identity Management News
Ideco and IDEMIA recently hosted a travelling show where attendees were given an update on the companies, as well as the full value stack they offer.

Read more...
Sustainability, trust and predictability
Technews Publishing Bosch Building Technologies Conferences & Events CCTV, Surveillance & Remote Monitoring News Integrated Solutions
The future for Bosch Building Solutions is focused on predictive solutions based on sustainability and trust in an AIoT world of cloud services.

Read more...