Most Businesses That Pay Off After Ransomware Hack Hit With Second Attack: Study

A majority of businesses hit by a ransomware attack that chose to pay to regain access to their systems were attacked again, a study released Wednesday by a cybersecurity company found.

The study surveyed nearly 1,300 security professionals around the world and found that 80 percent of businesses that paid after a ransomware attack suffered a second attack. Of those hit a second time, 46 percent believed it came from the same group that carried out the first attack.

Censuswide, which performed the study on behalf of the international cybersecurity company Cybereason, found that 25 percent of organizations hit by a ransomware attack were forced to close. In addition, 29 percent were forced to eliminate jobs.

Cybereason CEO Lior Div warned that paying the ransom for data would not guarantee complete and successful data recovery, nor would it protect an organization from future attacks.

"Paying a ransom demand does not guarantee a successful recovery, does not prevent the attackers from hitting the victim organization again, and in the end only exacerbates the problem by encouraging more attacks," Div said.

For those that paid to restore their systems, 46 percent said they regained access to their data, but some or all of it was corrupted. Another 51 percent said their data recovery was successful, while only 3 percent said they did not regain access to any of their data.

The Cybereason study said global losses from ransomware damage are projected to reach $20 billion this year. An annual crime report released by the FBI reported an increase of over 225 percent in total losses from ransomware in the U.S. in 2020, and a 69 percent increase from 2019 in cybersecurity complaints to the bureau.

The increase in cyberattacks in 2020 is largely attributed to the increased use of technology during the coronavirus pandemic.

"In 2020, while the American public was focused on protecting our families from a global pandemic and helping others in need, cyber criminals took advantage of an opportunity to profit from our dependence on technology to go on an Internet crime spree," Paul Abbate, deputy director of the FBI, wrote in the report.

"These criminals used phishing, spoofing, extortion, and various types of Internet-enabled fraud to target the most vulnerable in our society," he said.

Many cybersecurity companies advise against paying after a ransomware attack, instead recommending that organizations have data backup solutions. Cybereason also warned organizations to keep in mind that "attackers have strategies to render backups all but moot in some circumstances."

Other suggested solutions are cyberinsurance coverage to recover losses after a ransomware attack and personnel who have the proper skills to block ransomware attacks or to detect them early and mitigate further damage.