Most ransomware victims face second attack after paying off first

Get a free Techzine subscription!

Hackers in most cases will return to take a second bite at the apple.

The COVID-19 pandemic has led to a wave of ransomware attacks. However, a new study by a U.S. cybersecurity firm reveals an even greater threat. It shows that 4 in 5 ransomware victims run the risk of repeat cyber attacks.

Boston-based Cybereason found 80% of organizations that previously paid ransom demands confirmed they were exposed to a second attack. This was according to a commissioned survey of 1,263 cybersecurity professionals in varying industries. The subjects also ranged globally from the U.S., United Kingdom, Spain, Germany, France, United Arab Emirates and Singapore.

“Once you have the ability to hack and the ability to collect anonymized money with Bitcoins — combine them together. You suddenly get a very nice business model that enables you to collect a lot of money, quickly,” Cybereason CEO Lio Div told CBS News. That quick money transfer has been on full display in recent weeks, following a series of high-profile ransom payouts. 

The UAE is particularly vulnerable

The Cybereason study found that the United Arab Emirates (UAE) was one of the worst cases. Fully 37 percent of surveyed companies reported that they had been hit by a ransomware attack in the last 24 months. A staggering 84 percent of these companies chose to pay the ransom – which is 24 percent higher than the global average.

But of those that paid, 90 percent suffered a second ransomware attack. Moreover, the repeat attacks often at the hands of the same malefactors. The research also showed that of the organizations who opted to pay a ransom demand to regain access to their encrypted systems, 59 percent reported that some or all of the data was corrupted during the recovery process.

The study’s conclusion: Crime doesn’t pay and neither should you

“Our survey findings underscore why, with the exception of cases where there is a threat to life, it does not pay to pay ransomware attackers. Paying a ransom demand does not guarantee a successful recovery, does not prevent the attackers from hitting the victim organization again, and in the end only exacerbates the problem by encouraging more attacks,” commented Lior Div, CEO and co-founder at Cybereason.

“Getting in front of the threat by adopting a prevention-first strategy for early detection will allow organizations to stop disruptive ransomware before they can hurt the business.”