IT Brief Australia - Technology news for CIOs & IT decision-makers
Story image
Majority of paid ransom demands experience repeat attack
Tue, 22nd Jun 2021
FYI, this story is more than a year old

The majority of paid ransom demands experienced a repeat attack, according to new research from Cybereason and Censuswide.

The research found 80%of organisations that paid a ransom demand were threatened a second time, and of those, 46% of these believed they were targeted by the same hackers.

The study polled 1,263 security professionals in seven markets worldwide, including 100 in Singapore, as well as respondents in Germany, France, the US, and UK.

Amongst those that paid to regain access to their systems, 46% also said at least some of their data was corrupted, revealed the Cybereason survey.

Globally, 51% retrieved their encrypted systems without any data loss, while 3% said they did not regain access to any encrypted data. The report revealed that one particular organisation reportedly paid up a ransomware amount in the millions of dollars, only to be targeted for a second attack by the same attackers within a fortnight.

Jake Moore, cybersecurity specialist at global cybersecurity firm, ESET, says that paying demands of a ransomware attack can have long lasting outcomes for an organisation.

“It has long been known that once an organisation has been struck with ransomware, they will forever be on the map as a victim," says Moore.

"However, paying the demands can have even more severe consequences, showing future attackers that the organisation could be easy pickings for some quick cash," he says.

"Ransoms tend to be calculated so that they are within reach and can be paid quickly, and knowing that a business has previously paid out in the face of such demands gives threat actors – both the original attackers and new cybercriminals – a heads up to the possibility of a repeat attack."

Moore says that once an organisation is attacked, whether it pays the ransom or not, businesses must change their proactive cybersecurity measures to protect their data "in every possible way".

"However the mishap occurred, organisations must expect further attacks, and accordingly ensure that the targeted attack vector is made water tight," he says.

Key findings in the research include:

  • Loss of Business Revenue: 66 percent of organisations reported significant loss of revenue following a ransomware attack.
  • Ransom Demands Increasing: 35 percent of businesses that paid a ransom demand shelled out between $350,000-$1.4 million, while 7 percent paid ransoms exceeding $1.4 million.
  • Brand and Reputation Damage: 53 percent of organisations indicated that their brand and reputation were damaged as a result of a successful attack
  • C-Level Talent Loss: 32 percent of organisations reported losing C-Level talent as a direct result of ransomware attacks
  • Employee Layoffs: 29 percent reported being forced to layoff employees due to financial pressures following a ransomware attack
  • Business Closures: A startling 26 percent of organisations reported that a ransomware attack forced the business to close their business for some period of time.