To avoid disruption, ransomware victims continue to pay up

For all the cautions against doing so, one-third of organizations in a Proofpoint survey said they paid their attackers after getting infected with ransomware.

Ransomware attacks on organizations are likely to continue unabated in the near term if the results of a new survey by Proofpoint are any indication.

The security vendor recently polled 600 IT security professionals from around the world on trends related to phishing and other email-borne threats.

The results showed that 33% — or nearly 200 of the organizations represented in the survey — paid a ransom last year to get their data back after experiencing a ransomware infection. Another 32% reported being infected with ransomware but refusing to accede to attacker demands for payment.

Sixty-nine percent of the organizations that paid a ransom said they got back access to their data and systems after the first payment. But 22% never regained access to their data after paying the demanded ransom, while 7% got hit with additional demands and ended up walking away empty-handed anyway. Two percent were forced to pay more money to regain access to encrypted systems and data.

Proofpoint said it is unclear what the organizations that didn’t pay a ransom did to recover access to encrypted systems and data or what disruption they might have endured as a result of their refusal to pay.

Results from the Proofpoint survey are another reminder that for all the cautions against doing so, many ransomware victims are willing to pay off their attackers if it means avoiding the disruption, work, and cost involved in restoring data on their own. A September 2019 Dark Reading survey showed a nearly fourfold increase over 2018 — from 4% to 15% — in ransomware victims that paid to get their data back after an infection.

To read the full version of this article, visit Dark Reading.