Crime Pays: Businesses Cough Up for Ransomware Most of the Time

A report finds 88% of executives previously hit by ransomware stated that they would pay if they were attacked again.
Adam Rowe

If your company falls victim to ransomware, the government and the experts agree: Don't pay the ransom they demand.

Yet, four out of five organizations targeted in ransomware attacks wind up paying the ransom, according to a new survey from Kaspersky.

Cybersecurity company Kaspersky may currently be dealing with warnings against its ties to the Russian government issued by the likes of Germany's BSI and the US's FTC — but that doesn't mean its surveys can't highlight a big problem in the business world.

This is just the latest report to attempt an answer to a long-running cybersecurity question: Just how many companies forgo the official guidance to never pay ransoms?

Researchers Can't Agree on the Amount of Ransoms Paid

Due in part to corporate secrecy on the issue, it might be impossible to find out the true amount of ransomware payments that companies have shelled out across all attacks in all industries. Here are just a few of the conflicting reports from the past few years that you'll have to wade through in search of the truth.

First, there's a 2021 survey of “300 US-based IT decision-makers” which found that, of those who were impacted by a ransomware attack in the 12 months previous, an impressive 85% had paid the ransom.

But that figure dropped in a report the next year, when Proofpoint’s 2022 State of the Phish Report found that around 60% of those infected with ransomware paid a ransom, with 54% regaining access after the first payment.

Then there's Kaspersky's latest survey, which last month asked 900 respondents across the globe and found that 79% of all ransomware victims had paid their attackers. An even higher share, 88% of executives from companies previously hit by ransomware, stated they would pay if they were attacked again.

Why Do Companies Pay Up Even When Professionals Warn Against It?

One big reason experts warn against payment is that ransomware attackers have no reason to follow through on their promise once they're paid. Some might hold out for an additional payment, while others may vanish without a trace.

“Paying a ransom does not guarantee an organization will regain access to their data; in fact, some individuals or organizations were never provided with decryption keys after having paid a ransom,” the FBI says.

Other security professionals say that paying just encourages a repeat incident. So why do so many ignore that advice?

Because it's often cheaper. As one of the surveys above indicates, businesses do recover their ransomed data immediately about half of the time they pay, and businesses seem to like those odds. When it comes to the business world, potential long-term downsides can't compete with decent odds at a short-term upside.

Ultimately, preventative measures are still the best approach to beating ransomware: Get a great IT team, or at least invest in antivirus software.

We'd end this article by reiterating a warning to all CTOs and CEOs that they really shouldn't pay ransoms. But that's exactly the warning that most of you won't listen to.


Adam is a writer at Tech.co and has worked as a tech writer, blogger and copy editor for more than a decade. He's also a Forbes Contributor on the publishing industry, for which he was named a Digital Book World 2018 award finalist. His work has appeared in publications including Popular Mechanics and IDG Connect, and he has an art history book on 1970s sci-fi coming out from Abrams Books in 2022. In the meantime, he's hunting down the latest news on VPNs, POS systems, and the future of tech.
