More than a third of companies that paid a ransom to cybercriminals after being hit by a ransomware attack went on to be targeted a second time, according to a new report. The Hiscox Cyber Readiness Report found that 36% of companies that made the ransom payment were hit again, while 41% of those that paid failed to recover all of their data.

The head of the UK’s National Cyber Security Centre (NCSC), Lindy Cameron, said last year that ransomware attacks were the “most immediate danger” to the UK and urged companies to take more steps to protect themselves and their data. The NCSC urges firms not to pay ransoms, as doing so not only helps fund further crime but offers no guarantee that criminals will return the stolen or locked data. The Hiscox report appeared to back up the NCSC’s warnings: 43% of the businesses that paid a ransom said they still had to rebuild their systems, while 29% said that despite making the payment their stolen data was still leaked. A further 26% said a ransomware attack had had a significant financial impact on their business.
Ransomware is a clear and present danger to all organisations; no one can pay their way out of the problem, and there isn’t enough cyber insurance to save an organisation from business operation disruptions and proprietary data loss. The findings in the Hiscox Cyber Report should be a wake-up call to all organisations to improve their security readiness, but until ransom payments are outlawed entirely, or organisations stop paying, the annual global ransomware economy will continue to exceed $3 billion. In Cybereason’s 2022 Ransomware: The True Cost to Business Study, 80 percent of organisations that paid a ransom were hit a second time, oftentimes within weeks of the first attack. Shockingly, 10 percent of organisations paid a ransom three times. “Ransomware is preventable and many companies offer endpoint detection & response technologies that will stop the scourge. Practicing these habits will certainly reduce risks further: