Companies are increasingly paying ransoms in the event of a ransomware attack. However, payment is no guarantee that the organization will actually get its data back. The conclusion: "It doesn't pay to pay."
This is evident from an annual report by security specialist Sophos. The figures show that more companies have started paying ransoms, with the percentage increasing from 26 percent in 2020 to 33 percent so far in 2021. The average ransom paid was 141,000 euros, and the highest payment was 2.7 million euros. Ten companies in the report paid 690,000 euros or more in ransoms.
Furthermore, the report found that only 8 percent of organizations manage to get all their data back after payment, while 29 percent get about half of their data back. The findings from the research confirm that it does not pay to pay in the event of a ransomware attack.
However, the figures also contain good news. The share of companies that have suffered a ransomware attack has fallen from 51% in 2020 to 37% so far in 2021. Fewer companies have also had to deal with encrypted data as a result of an attack (from 74% in 2020 to 54% so far in 2021). That decrease comes with a caveat, however: hackers have switched from large-scale attacks to more targeted ones, with a higher chance of damage.
The average cost of recovery from a ransomware attack has more than doubled in the past twelve months. Recovery and other costs, including company downtime, lost orders and operational costs, increased from an average of 631,000 euros in 2020 to 1,540,000 euros so far. This means that the average recovery cost is 10x higher than the average ransom payment. And paying the ransom is often not the solution either.