Flood of ransom payments continues as officials mull ban

As the White House floats the possibility of a ban on ransom payments, the number of organizations hit by ransomware that ultimately pay a ransom remains high.

Nearly half, 46%, of organizations hit by ransomware during the past year paid a ransom to recover data, according to research Sophos released Wednesday.

Averages and figures attributed to ransomware payments vary between research firms and studies.

Sophos’ survey of 3,000 IT and cybersecurity leaders across 14 countries pinned the median ransom payment at $400,000 during the past year.

Palo Alto Networks’ Unit 42 observed a median ransom payment of $350,000 in a ransomware report it released in March. A study BakerHostetler released earlier this month pinned the average ransom payment at $600,000, a 15% increase from the previous year.

Despite data discrepancies, the persistent scale of ransomware activity and money ultimately landing in the hands of criminals is a resounding negative in the fight against ransomware. It might be fueling cyber authorities to consider other means to counter financially motivated threat actors.

Between 2020 and 2022 there were 6,516 ransomware attacks around the world, Anne Neuberger, deputy national security advisor for cyber and emerging technologies, said Friday during a presentation at the Institute for Security And Technology’s Ransomware Task Force event.

That’s just the attacks the government knows about.

To read the complete article, visit Cybersecurity Dive.