Do I Pay Ransomware? Sophos Report Cites Evidence that It's a Bad Idea

You might be out twice as much as you would be if you didn't pay.

Craig Galbraith, Editorial Director

May 14, 2020

Too many companies have to ask themselves the challenging question, “Do I pay ransomware?” That’s because more than half (51%) of organizations Sophos surveyed for a new report said they have suffered a ransomware attack in the past year.

Researchers at Vanson Bourne conducted the survey of 5,000 IT managers around the world in January and February. If there is good news, organizations surveyed did see a slight drop in these types of cyberattacks.

The survey found that malicious hackers were successful in encrypting data 73% of the time, and in just 26% of those cases did victims get their data back by paying the ransom. A handful (1%) forked over the money but still didn’t get their data back.

“While many of us have suspected paying the ransom is a bad idea, now we finally have evidence that it’s true,” Chet Wisniewski, principal research scientist at Sophos, told Channel Futures. “The countries most likely to pay the ransom are also the countries [which] had the highest cost of recovery. On the whole, it is nearly twice as expensive to recover by paying the ransom.”

Wisniewski hopes these stats will discourage companies from paying up, which could curtail this style of ransom and extortion.

Ransomware Report Breakdown

The report also revealed:

  • Almost all (94%) victims whose data was encrypted got it back. But more than twice as many got it back via backups (56%) as by paying the ransom (26%).

  • If you pay the ransom, Sophos says that doubles the cost of the attack. How, you ask? The company found the average cost to fix the impact of a ransomware attack was more than $732,000 for businesses that don’t pay the ransom. It’s more than $1.4 billion for those that do. This stat takes into consideration downtime, people time, device cost, network cost and lost opportunity, as well as the ransom paid.

  • If you read the biggest headlines, you might think that ransomware impacts the public sector more than the private sector. Your assumption would be wrong. Compared to the global average of 51%, ransomware hit 45% of public sector organizations, according to the report. The media, leisure and entertainment industries took a beating, with a high of 60%.

  • If you have cybersecurity insurance, review it. Of those surveyed, 84% had insurance, but one in three (36%) found their policies don’t cover ransomware.

  • Finally, when asking yourself, “Do I pay ransomware?” also ask yourself, “Is the cloud safe?” Consider that most successful ransomware attacks include data in the public cloud. The report says nearly three in five (59%) attacks where data was encrypted involved data in the public cloud. Sophos says respondents may have broadly interpreted the definition of the public cloud, including services such as Google Drive and Dropbox, and cloud backup like Veeam. Yet it’s clear that malicious hackers are targeting data wherever it is stored.

Ransomware & Partners

Wisniewski says some partners are up to speed on ransomware, while others are behind the eight ball.

“The situation with partners largely mirrors what we see in the larger business world,” said Wisniewski. “Some get it, and some don’t. There are plenty of shops out there who are protecting themselves and their customers from ransomware and other threats. They take the time to ensure they are hardening credentials, keeping exposed services and hosts to a minimum, patching systems in a timely manner, and consulting with their customers to make sure they are putting security first.”

But Wisniewski says some bad guys are successfully phishing for partners’ management software credentials. Hackers can use that information to attack all of that partner’s customers at once.

“A lack of multifactor authentication coupled with weak credentials, privileged network access, and vulnerable management appliances will only lead to a devastating impact to you and your customers,” said Wisniewski.

About the Author

Craig Galbraith

Editorial Director, Channel Futures

Craig Galbraith is the editorial director for Channel Futures, joining the team in 2008. Before that, he spent more than 11 years as an anchor, reporter and managing editor in television newsrooms in North Dakota and Washington state. Craig is a proud Husky, having graduated from the University of Washington. He makes his home in the Phoenix area.
