The moral dilemma of ransomware: To Pay or Not to Pay?


By David Carvalho, CEO and Co-Founder of Naoris Protocol


Ransomware attackers reportedly extorted $456.8 million from victims in 2022, a 40% decrease from the previous year’s $765.6 million. However, celebrating the decrease in the number of successful attacks is premature, given the changing tactics of attackers. The recent hack of Euler Finance, where $135 million in staked Ether tokens (stETH) was drained from the protocol, is an example of these evolving attack methods.

A recent poll by Naoris Protocol, a decentralized cybersecurity platform, reveals that 70.8% of respondents would not pay the ransom and would instead report the attack to relevant authorities. However, only 42% of companies that fall victim to ransomware attacks actually report them. It is easier to take the moral high ground when the question is theoretical, but when faced with the reality of a ransomware attack, businesses may be more reluctant to take a moral stance, considering the potential costs in terms of business, brand, and reputational damage.

Of the remaining respondents in the Naoris Protocol poll, 16.55% said they would not pay the ransom or report the attack and would instead rely on backups to restore data. However, research indicates that only 57% of businesses are successful in recovering data from backups. In addition, more than a third of companies that paid a ransom to retrieve their data were targeted a second time and charged even more than the first attack, with 41% failing to recover all of their data.

Ransomware attacks are evolving, and attackers are resorting to “double extortion” tactics, where they threaten to sell the data if the ransom is not paid. They also use Denial of Service attacks and harassment via email or phone. The number of ransomware payouts has decreased, but the average ransom amount is increasing: the average ransom demanded in 2021 was approximately $2.2 million, a 144% increase from the average demand of $900,000 in cases analyzed in 2020.

It is challenging to estimate the number of successful ransomware attacks, given the opacity and inconsistency in reporting. However, it is estimated that between May 2021 and…
