Cyber criminals only honour half of ransomware payments

Victims still don't get files decrypted after sending money, says new report

Paying money to cyber criminals following a ransomware attack is no guarantee that files will be decrypted, according to a new report.

Imperva's CyberEdge Group's fifth annual Cyberthreat Defense Report found that 55% of respondents were compromised by ransomware in 2017, down from 61% in 2016. However, when infected by ransomware, out of the companies that paid the ransomware, 49% recovered their data while 51% lost their data.

Advertisement - Article continues below

The research questioned 1,200 IT security decision makers and practitioners from 17 countries and 19 industries. It found that out of the companies that refused to pay the ransom, 87% recovered their data, 13% lost their data.

"Just over half of the survey respondents admitted that following a ransomware infection they still lost their data even though they paid the fine," said Terry Ray, CTO at Imperva.

"This highlights the reality that there is no guarantee a company will get their data back if they pay the ransom. Companies therefore need to stop ransomware attacks from the very beginning, before the encryption of data takes place. The best way to prevent an attack is to immediately detect ransomware file access behaviours before the ransomware spreads across the network and encrypts file servers. Once detected, you can quarantine impacted users, devices and systems."

Advertisement - Article continues below

The report also revealed that for the first time in five years, the percentage of organisations affected by a successful cyber attack decreased, dropping from 79% in 2016 to 77% in 2017. Furthermore, the number of organisations victimised by six or more successful attacks fell from 33% in 2016 to 27% in 2017.

Advertisement - Article continues below

Respondents also highlighted an IT security skills deficit. For the first time in five years, lack of skilled personnel outdid low security awareness among employees as IT security's greatest inhibitor to success. In 2018, four in five organisations are experiencing an IT security skills shortage.

"The security skills shortage is well-documented so this isn't a surprise. However, to help overcome deficiencies in their human teams, organisations can bolster their cyber defences and bridge the skills gap using machine learning (ML) and artificial intelligence (AI). ML software can perform preventative and analytical security processes and can detect threats at a much greater speed than humans, helping to prevent attacks," said Ray.

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now



How can you protect your business from crypto-ransomware?

4 Nov 2019

Most Popular

Microsoft Windows

Microsoft warns users not to install Windows 10's May update

28 May 2020
data breaches

EasyJet faces class-action lawsuit over data breach

26 May 2020
cyber security

Microsoft bans Trend Micro driver from Windows 10 for "cheating" hardware tests

27 May 2020