Two-thirds of companies worldwide have been victims of ransomware. At the same time, Kaspersky found in a survey that 88 percent of companies that were already victims of ransomware would pay the ransom again if they were attacked again.
A current Kaspersky study shows that 88 percent of companies that have already been the target of a ransomware attack would pay a ransom if they were attacked again [1]. In contrast, for companies that have not yet been hit by a ransomware attack, only 67 percent would be willing to do so in principle – but they would be less inclined to do so immediately. Paying ransom often seems to be seen by executives as a reliable means of dealing with the problem.
The Kaspersky study shows that ransomware is still a major threat: two-thirds (64 percent) of companies have already been attacked. Furthermore, the number of attacks with ransomware almost doubled in 2021 compared to the previous year [2].
Most ransomware victims pay
The fact that a company has already paid a ransom once does not mean that it would not be willing to do so a second time - on the contrary. This even increases the probability that this would happen in the event of a new attack. Almost one in nine (88 percent) companies who have already been compromised would do this to regain access to their own data. These companies are also more likely to pay as soon as possible to get immediate access to their data (33 percent of those who have been attacked vs. 15 percent of those who have never been attacked) or after just a few days unsuccessful decryption attempts (30 percent vs. 19 percent).
Ransom payment as the most effective way!?
Company executives who have already paid ransoms seem to believe that this is the most effective way to get their data back. Almost all (97 percent) would be willing to do this again. This willingness to pay could be because they hardly know how to respond to such threats or because data recovery takes so long since affected companies could lose more money waiting for data recovery than paying the ransom.
This means that ransomware remains a real threat to cybersecurity. Two-thirds (64 percent) of organizations confirm they have faced these types of incidents, and 66 percent anticipate such an attack on their organization will occur at some point. Although they consider a ransomware attack to be more likely than other common types of attacks such as DDoS, supply chain, APT, cryptomining or cyber espionage.
Ransomware remains the top threat
"Ransomware has become a serious threat to businesses as new patterns regularly emerge and APT groups use it for advanced attacks," said Christian Milde, Managing Director Central Europe at Kaspersky. “Even an accidental infection can become a challenge for a company. Because business continuity is often at stake, executives are forced to make difficult decisions about paying the ransom. However, we generally recommend not paying cyber criminals, as this does not guarantee that the data will actually be decrypted again; however, a payment encourages them to repeat their course of action. At Kaspersky, we are working with increasing success to help companies avoid such consequences. It is important for companies to follow basic security principles and engage with reliable security solutions to minimize the risk of a ransomware incident. The anti-ransomware tag is a good reminder of these important practices.”
Kaspersky tips to better protect businesses from ransomware
- The software should always be up to date on all devices used to prevent attackers from exploiting vulnerabilities and infiltrating the network.
- The defense strategy should focus on sideways movement detection and data exfiltration to the internet. Pay particular attention to the outgoing data traffic in order to detect connections from cybercriminals to your own network.
- Set up offline backups that cannot be tampered with by intruders and can be accessed quickly in an emergency.
- Activation of ransomware protection for all endpoints. Kaspersky Anti-Ransomware Tool for Business [3] is a free tool that protects computers and servers from ransomware and other types of malware and prevents exploits. It is compatible with already installed security solutions.
- Organizations should implement anti-APT [4] and EDR [5] solutions for advanced threat detection, investigation and timely incident remediation, and access to the latest threat intelligence. An MDR provider can effectively mitigate advanced ransomware attacks. All this is possible with Kaspersky Expert Security [6].
- When companies are affected by a ransomware attack, they should never pay the ransom demanded. Because there is no guarantee that they will get any data back; however, it encourages cyber criminals to continue their businesses. Instead, an incident should be reported immediately to the local police authority. https://www.nomoreransom.org provides access to decryption programs.
[1] https://www.kaspersky.com/blog/anti-ransomware-day-report/
[2] https://www.securitymagazine.com/articles/97166-ransomware-attacks-nearly-doubled-in-2021
[3] https://www.kaspersky.de/blog/kaspersky-anti-ransomware-tool-for-business/
[4] https://www.kaspersky.de/enterprise-security/apt-intelligence-reporting
[5] https://www.kaspersky.de/enterprise-security/endpoint-detection-response-edr
[6] https://www.kaspersky.de/enterprise-security
About Kaspersky Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250.000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/