Over a quarter of organisations which fall victim to ransomware attacks[1] opt to pay the ransom as they feel as if they have no other option than to give in to the demands of cyber criminals – and the average ransom amount is now over $1 million.

A CrowdStrike study[2] based on responses from thousands of information security professionals and IT decision makers across the globe found that 27 percent said their organisation had paid the ransom after their network got encrypted with ransomware.

While law enforcement agencies say organisations should never give in and pay the ransom[3], many businesses justify making the payment because getting the decryption key from the attackers is viewed as the quickest and easiest way to restore the network.

However, paying the bitcoin ransom not only encourages ransomware gangs to continue campaigns because they know they're profitable; there's also no guarantee that the hackers will actually restore the network in full.

But infecting networks with ransomware is proving to be highly lucrative for cyber criminals, with figures in the report suggesting the average ransom amount paid per attack is $1.1 million.

In addition to the cost of paying the ransom, it's also likely that an organisation which comes under a ransomware attack will lose revenue because of lost operations during downtime, making falling victim to these campaigns a costly endeavour.

However, falling foul of a ransomware attack does serve as a wakeup call for the majority of victims; over three-quarters of respondents to the survey say that in the wake of a successful ransomware attack, their organisation upgraded its security software and infrastructure in order to

Read more from our friends at ZDNet