Companies pay multiple ransoms as attackers step up threat levels

A new report from Semperis, based on a study of almost 1,500 organizations globally, shows that hackers are stepping up threat levels and ransomware is still a global epidemic.

In 40 percent of attacks threat actors threatened to physically harm executives at organizations that declined to pay a ransom demand. US-based companies experienced physical threats 46 percent of the time, while 44 percent of German firms experienced similar forms of intimidation.

Another interesting tactic is that 47 percent of attacked companies in the US, UK, France, Germany, Spain, Italy, Singapore, Canada, Australia and New Zealand reported that hackers threatened to file regulatory complaints against them if they didn’t report the incident. In the US, the rate jumped to 58 percent, a 23 percent increase, while in Singapore the extortion threat surged to 66 percent, a jump of 40 percent and the highest of any country.

The report also shows slight decreases year-on-year in companies paying ransoms. Even so 69 percent of companies that were victimized by ransomware paid a ransom. Unfortunately, 38 percent of companies paid multiple ransoms and 11 percent of companies paid three times or more. In the US, 47 percent of companies paid ransoms multiple times, while in Singapore 50 percent of companies paid multiple times.

Nearly 20 percent of companies that paid a ransom either received corrupt decryption keys that were unusable or the hackers still published stolen data after saying they would not.

“Paying ransoms should never be the default option. While some circumstances might leave the company in a non-choice situation, we should acknowledge that it’s a down payment on the next attack. Every dollar handed to ransomware gangs fuels their criminal economy, incentivizing them to strike again. The only real way to break the ransomware scourge is to invest in resilience, creating an option to not pay ransom,” says Mickey Bresman, CEO of Semperis.

Ransomware attacks remain depressingly frequent, with 50 percent of respondents citing cybersecurity threats as the top threat to business resilience. The top cybersecurity challenge facing organizations is the sophistication of attacks (37 percent), while second at 32 percent is attacks against organizations’ identity infrastructure, most commonly Active Directory.

You can get the full report from the Semperis site.

Image credit: lighthouse/depositphotos.com