Some companies pay ransomware attackers multiple times, survey finds

Nearly one-third of companies that suffered a ransomware attack paid a ransom four or more times in the past 12 months to regain access to their systems, according to the 2024 Ransomware Risk Report released Tuesday by Semperis, a cybersecurity software company.

This decision to pay multiple times involved 32% of attacked companies in France, Germany, the U.K. and U.S. across multiple industries, according to the survey of 900 IT and security executives.

Nearly half of the German companies queried paid four or more ransom payments, compared to one-fifth of companies in the U.S.

More than a third of companies that paid the extortion demand either did not receive the decryption keys from attackers or were given corrupted keys, according to the report.

Almost three-quarters of companies said they had endured multiple attacks, and 87% said the attacks had caused some level of disruption. Companies in the U.S. and U.K. were slightly more likely to have experienced a ransomware attack, with 85% in each country reporting such an attack within the past 12 months, Semperis said.

About 75% of those surveyed reported paying a ransom to regain control of their data; about 10% said they had paid more than $600,000.

To read the complete article, visit Cybersecurity Dive.