Repeat ransomware attacks hit 80% of victims who paid ransoms

Organizations that pay up after a ransomware attack incur a high probability of a second attack.

New research from endpoint security vendor Cybereason examined the short and long-term impacts ransomware has on businesses through a survey of 1,263 infosec professionals from the U.S., United Kingdom, Spain, Germany, France, United Arab Emirates and Singapore. One of the most significant findings of the survey was that 80% of organizations that paid ransom demands experienced a second attack.

To make matters worse, of those who did get attacked again, nearly half said they believed it was at the hands of the same attackers, while just 34% said they believed the second attack was perpetrated by a different set of threat actors.

Additionally, paying does not guarantee operations will go back to normal, according to the Cybereason report. Of those surveyed, 46% regained access to their data following payment, but some or all of the data was corrupted. And 25% of respondents said a ransomware attack led to their organization closing down.

Cybereason’s report presents troubling data around the growing threat of repeat attacks. Though 80% is higher than Cybereason co-founder and CTO Yonatan Striem-Amit expected, he said it was not that surprising. The reason for the remarkably high percentage is that when businesses make the choice to pay the ransom, they may be solving an immediate problem, Striem-Amit said. But they are also announcing their willingness to pay potentially large sums of money to resolve a crisis.

Striem-Amit said cybercriminals have gotten better at identifying would-be targets, and the larger ransomware groups are specializing in big game hunting — going after major multinational corporations with targeted intrusion techniques. The problem has become so bad that the White House recently issued a ransomware directive just for businesses.

“When victims are paying, they’re putting a sign to attackers: we’re open for business,” he said. “The criminals then attack these victims again before they have a chance to ramp up their security practices.”

Repeat attack causes

Cybereason isn’t the only vendor to observe the trend of organizations being attacked multiple…