The vast majority of ransomware victims end up paying their attackers to get their data unlocked, according to a new report from cybersecurity software provider ThycoticCentrify.
The report, “2021 State of Ransomware Survey and Report: Preventing and Mitigating the Skyrocketing Costs and Impacts of Ransomware Attacks,” based on survey responses from 300 U.S.-based IT professionals, found that an alarming 83% of ransomware victims gave in to their attackers’ demands.
In addition to alarming data about how many victims feel that they have no choice but to pay the ransom, the report also revealed that nearly two thirds of companies admitted to being victims of a ransomware attack in the last 12 months.
According to the company’s report, the U.S. has seen an increase in ransomware attacks of nearly 200%, with the average ransom demand now eclipsing $100,000 – ten times what it was just last year.
The report details what we already know: cybercriminals and ransomware gangs are constantly evolving and are getting more sophisticated as attack surfaces increase and hacking tools become more widely available.
“Payouts have become so lucrative that ransomware developers have emerged to sell or establish an affiliate program for their tools and expertise, offering Ransomware-as-a-Service (RaaS),” the report says. “Ransomware could further evolve into a subscription model where you pay the criminal gangs not to target you.”
According to ThycoticCentrify’s report, 72% of organizations increased their cybersecurity budgets after a ransomware attack, which was by far the most frequent action taken by ransomware victims.
Those budgets were increased largely to protect against ransomware, as 93% of respondents said they have allocated funds in their annual security budget specifically to protect against ransomware.
Organizations are mostly spending those funds on network security (49%) and cloud security (41%), but fewer are investing in identity access management (24%), endpoint security (23%) and privileged access management (19%).
“Companies may not realize, or be underestimating how important these are to preventing against, mitigating or disrupting ransomware attacks,” ThycoticCentrify said in the report.
The company notes the need to go beyond traditional security measures like antivirus programs to reduce the threat of ransomware, and those more modern approaches include network segmentation, privileged access management, threat detection, and adopting a Zero Trust network architecture to limit what end users can access.
In addition to investing in privileged access management and adopting least privilege access policies, the report also urged IT admins to create incident response plans to contain and limit the damage.
The more that ransomware attacks are successful, the more victims will end up paying those ransoms, which continues to fund the ransomware industry.
“While companies are increasing their spending on cyber security solutions to prevent becoming ransomware victims, it is essential they protect all users as if they were privileged users,” the company said. “By safeguarding privileged access with PAM solutions to reduce or eliminate attacker dwell time, as well as implementing a robust incident response plan, organizations can minimize the risk from what appears to be a threat that will only increase for the foreseeable future.”