A study by cybersecurity firm Cybereason shows that more than half of respondents were hit with a ransomware attack and that 80 percent of those who paid the ransom were hit with a second attack, often by the same thief.
“Ransomware attacks are a major concern for organizations across the globe, often causing massive business disruptions including the loss of income and valuable human resources as a direct result,” Lior Div, Cybereason co-founder and CEO, said in a press release.
Div pointed to the disruptions “felt up and down the East Coast” caused by the May 7 Colonial Pipeline ransomware attack and the disruptions experienced by the numerous businesses relying on the pipeline.
“Paying a ransom demand does not guarantee a successful recovery, does not prevent the attackers from hitting the victim organization again, and in the end only exacerbates the problem by encouraging more attacks,” he added.
The study also showed that 46 percent of respondents that paid to get their data back said that much of the data — sometimes all of it — was corrupted during the recovery process. Some 66 percent of organizations attacked by ransomware said they experienced consequential revenue loss following a ransomware attack, with 35 percent of companies paying $350,000-$1.4 million to the attackers. Some 7 percent paid ransom topping $1.4 million.
Further, 26 percent of organizations said they had to temporarily close because of the attack, 32 percent lost C-suite executives, and 29 percent reported staff layoffs due to financial issues that followed the ransomware attack.
The report — Ransomware: The True Cost to Business — surveyed 1,263 security professionals and was conducted by Censuswide in April. Respondents came from a cross-section of industries from the U.S., U.K., Spain, Germany, France, United Arab Emirates, and Singapore.
Global losses from cyberattacks are estimated to be around $12 billion, something that payments firm Worldline is looking to mitigate with its Microsoft partnership.
FBI Director Christopher Wray said that victims of ransomware attacks should not pay the attackers, and instead should contact law enforcement officials immediately. Meat producer JBS USA, for example, paid $11 million to hackers and Colonial Pipeline paid $4.4 million.