Ransomware experts urge victims not to pay, but are they listening?

The number of attacks from, and payouts to, ransomware extortionists continue to rise despite only 20% saying giving into demands is the best course, Menlo Security finds.


Image: kaptnali, Getty Images/iStockphoto

There’s a growing reluctance to play ransomware demands, Menlo Security found in an online poll, but that reluctance may not reflect what victims are actually doing when hit by an attack. Respondents overwhelmingly agreed that ransoms shouldn’t be paid, with 79% saying so, while 20% said paying ransoms is the best way out. Sixty-nine percent said they’d like to see prison time for ransomware perpetrators, and 60% said the scheme should be treated the same as terrorist attacks. 

SEE: Security incident response policy (TechRepublic Premium)

Opinions like these are all well and good, but Menlo Security pointed out that data from Cybersecurity Ventures shows 2021 ransomware losses are expected to exceed $20 billion, rising to $265 billion by 2031. Meno Security also cited data from The Beazley Group, which said that ransomware attacks increased by more than 130% in 2020. Factor in recent high-profile and high-dollar payouts from the Colonial Pipeline ransomware attack and similar incidents and you have a clear signal to cybercriminals: Ransomware works.

“Ransomware isn’t going away any time soon and with the rise of ransomware as a service it’s an increasingly easy way for cyber criminals to launch a profitable attack,” said Mark Guntrip, Menlo Security senior director of cybersecurity strategy. “If companies continue to pay ransom demands, then these criminal groups will continue to see the technique as an easy way to make massive monetary gains.”  

Catching ransomware actors would be a way to slow them down, and with only 16% of survey respondents saying they think attackers will never be caught it seems there’s some consensus that cybercriminals aren’t immune. Not so, said Guntrip: “Given the location of the groups that have carried out ransomware attacks and the tools that they use, it is highly…