A new report, which surveyed 1200 IT security professionals in 17 countries around the world, has shone a light on a dramatic rise in the number of organisations willing to pay ransoms to extortionists.
The ninth annual Cyberthreat Defense Report (CDR), produced by CyberEdge Group, shows that not only has there been a substantial increase in the percentage of companies that pay ransoms, but the average size of ransomware payments also increased significantly.
The 2022 CDR says that the latest figures indicate 62.9% of victimised organisations pay ransoms, compared to 45% in CyberEdge's 2019 report.
This rise may well be partly explained by the trend for ransomware attackers to apply extra pressure by exfiltrating data and threatening to sell it to others or publish it on the internet. The public exposure of sensitive data can obviously be highly embarrassing and inconvenient to individuals and corporations alike, as well as highly damaging to a company's brand.
Furthermore, some companies may simply assess that it is less expensive to pay their attackers after an attack rather than attempt to rebuild their systems and reputation on their own.
Statistics from Coveware meanwhile make clear that average ransom payments continue to rise, reaching $322,168 in the last quarter of 2021.
This is, of course, all good news for cybercriminals engaged in ransomware attacks. Victimised organisations are more likely to pay up a larger amount of money than ever before.
Inevitably this leads to an escalation in attacks, and more cybercriminals entering the arena (aided - undoubtedly - by the rise of ransomware-as-a-service operations), viewing it as "easy money" with little risk of being caught.
Sure enough, the CDR found that the percentage of companies hit by a ransomware attack in the past 12 months set a new record reaching 71%, compared to 62.4% two years ago.
So the pressure is significant, but - perhaps surprisingly - the ransomware attackers are not typically targeting those organisations with the very deepest pockets.
The CDR reports that the "sweet spot" for ransomware gangs is organisations which employ 5,000-25,000 people. The theory is that they are targeted more often than their smaller and larger counterparts because although they can afford to pay high ransoms, an attack is less likely to shut down essential infrastructure or draw the undivided attention of law enforcement agencies and government.
But no-one should rest easy when it comes to ransomware. With more attacks making more money than ever before there is no indication that the ransomware incidents are likely to decline any time soon.
Here are 30 ransomware prevention tips that will help prevent a ransomware infection.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.