Ransomware Payments on the Rise

More ransomware victims than ever before are complying with the demands of their cyber-attackers by handing over cash to retrieve encrypted files. 

New research published March 31 by CyberEdge shows that both the number of ransomware attacks and the percentage of attacks that result in payment have increased every year since 2017.

The CyberEdge 2020 Cyberthreat Defense Report states 62% of organizations were victimized by ransomware in 2019, up from 56% in 2018 and 55% in 2017. 

"Ransomware is trending in the wrong direction . . . again," states the report's authors. 

"This rise is arguably fueled by the dramatic increase in ransomware payments."

In 2017, just 39% of organizations hit by ransomware paid to retrieve their encrypted data. That figure rose to 45% in 2018, then shot up to 58% in 2019. 

To create the annual report, CyberEdge surveyed 1,200 qualified IT security decision makers and practitioners from organizations with over 500 employees in 19 different industries. The organizations were located in 17 countries across North America, Europe, the Middle East, Africa, Asia Pacific, and Latin America.

Another key finding of the report was that last year, for the first time ever, more than a third (35.7%) of organizations experienced six or more successful attacks.

When questioned over the future cybersecurity of their organization, respondents revealed that they were picking up bad vibes. 

"The number of respondents saying that a successful attack on their organization is very likely in the coming 12 months reached a record level," states the report. 

Of those IT security professionals surveyed, 69% believe a successful attack to be in the cards in 2020. This doom-laden percentage was up from 65% in 2019 and 62% in 2018. 

As for which cyber-threats caused the greatest amount of concern, survey respondents said malware was the biggest problem, closely followed by phishing and ransomware, which tied in second place.

This year was the first time that the CyberEdge survey respondents were asked if they were concerned about attacks on brand and reputation in social media and on the web. This new threat tied in tenth place with watering-hole attacks, but the report's authors predict it will place higher next year.

They wrote: "We think this category (which includes hijacking social media accounts, using typo squatting website for fraud, and selling counterfeit goods online) will become more of a concern in the cybersecurity community."

What’s Hot on Infosecurity Magazine?