Ransomware Victims Pay $700K in Extra Extortion Fees

A staggering 96% of ransomware victims that agree to their extorters’ demands are subsequently forced to pay additional fees amounting to hundreds of thousands of dollars, according to CrowdStrike.

The security vendor’s 2021 CrowdStrike Global Security Attitude Survey was compiled from interviews with 2200 senior IT and cybersecurity decision makers in the US, EMEA and APAC.

It found that two-thirds (66%) of respondents had suffered at least one ransomware attack over the past year, with average payments increasing 63% over the year. They were lowest on average in EMEA ($1.3m), followed by the US ($1.6m), and highest in APAC ($2.4m).

The average demand from ransomware groups was $6m. CrowdStrike claimed the gulf between this figure and what victims end up paying is due to organizations getting better at negotiating and understanding their risk exposure.

However, threat actors are seeking to recoup funds in other ways — most notably in extorting the same victims more than once for the same attack. The report claimed that on average these extra payments cost victims $792,493.

“One of the biggest mistakes that a company that falls victim to a ransomware attack can do, is believe that paying the ransom will make all your problems disappear,” CrowdStrike’s EMEA CTO, Zeki Turedi, told Infosecurity.

“What most organizations are completely unaware of, is that not only paying the ransom will more than likely result in another attack in the future, it leaves them in the situation of still needing to fully recover from a catastrophic event as well as further fuelling the cyber-criminal system.”

Turedi claimed organizations would be better off spending money on improving protective measures.

However, here too the report found widespread failures. On average, respondents estimated it would take 146 hours to detect a cybersecurity incident, up from 117 hours in 2020.

Once detected, it takes organizations a further 11 hours to triage, investigate and understand a security incident and 16 hours to contain and remediate one.

Some 69% of respondents said they suffered an incident because of staff working remotely.

What’s Hot on Infosecurity Magazine?