78% of organizations experience repeated ransomware attacks after paying


Nearly four in five (78%) organizations that paid a ransom demand were hit by a second ransomware attack, often by the same threat actor, according to Cybereason's report, Ransomware: study on the cost for businesses 2024.

Nearly two-thirds (63%) of these organizations had to pay more the second time around.

Of the 78% who experienced a second breach, 36% were hit by the same threat actor and 42% by a different attacker.

In total, 56% of organizations have experienced more than one ransomware attack in the last 24 months.

The study, which surveyed more than 1,000 cybersecurity professionals, found that 84% of organizations agreed to pay a ransom demand after being hacked.

Of these, less than half (47%) got their data and services back intact, highlighting that paying is usually not the solution.

Greg Day, Global Field CISO (VP) at Cybereason, explained that paying ransom demands is problematic for a number of reasons.

“There is no guarantee that attackers will not sell your data on the black market, that you will recover all of your files and systems, or that you will not be attacked again,” he stressed.

Respondents cited several factors in deciding whether to pay a ransomware demand:

  • Attackers threatened to leak sensitive information
  • They feared a loss of business
  • Paying seemed like the quickest solution
  • It was a holiday/weekend and they were short staffed
  • It was a matter of life and death
  • They had no backup files

Skyrocketing business costs of ransomware

Nearly half (46%) of ransomware victims estimate their business losses between $1 million and $10 million as a result of the attack, with 16% reporting losses greater than $10 million.

The average ransom demand for U.S. companies reached $1.4 million, the highest cost among the countries studied. This is followed by France ($1 million), Germany ($762,000) and the United Kingdom ($423,000).

These results follow research by Arctic Wolf in February 2024, which revealed that initial ransomware demands reached a median of $600,000 in 2023, a 20% increase from the previous year.

Despite this risk, only 41% of organizations believe they have the right people and plan to handle the next attack.

Additionally, while almost all respondents have purchased cyber insurance, only 40% are confident that a ransomware attack would be covered.

Day said the research demonstrates that most companies’ ransomware strategies are incomplete, preventing effective recovery after an incident.

“They either lack a documented plan or the right people to execute it. As a result, we see that many organizations pay the ransom. Likewise, while many have cyber insurance, too many simply do not know if, or to what extent, it covers them against ransomware attacks,” he noted.

Ransomware attackers are evolving their tactics

The research highlighted a shift towards more complex, “low and slow” ransomware attacks, designed to compromise as much of the targeted network as possible in order to extract the highest possible ransom.

More than half (56%) of cybersecurity professionals said a breach of their organization went undetected for 3 to 12 months.

The most common method used by ransomware perpetrators to infiltrate organizations’ systems was a supply chain breach (41%). This was followed by direct access (24%) and access to victim networks with the help of an insider (22%).

Researchers also noted that ransomware perpetrators are becoming more effective through their use of generative AI tools. These technologies are mainly leveraged to create more professional social engineering messages and translate them efficiently into any language.
