Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

27% of Ransomware Victims Pay the Ransom

November 19, 2020

ZDNet reported on November 18 that a recent Crowdstrike study found that 27% of ransomware victims said their organization paid the ransom after their data was encrypted. Worse yet, the study, based on responses from thousands of cybersecurity professional and IT decision makers, found that the average ransomware amount is now more than $1 million.

Businesses justify making the payment because getting the decryption key from the attackers is viewed as the quickest and easiest way to restore the network. I would add that they often see paying the ransomware as the cheapest way to recover from the attack. This assumes of course that they actually get the decryption key. Usually they do.

Over three-quarters of respondents to the survey say that in the wake of a successful ransomware attack, they upgraded their security software and infrastructure in order to reduce the risk of future attacks, while two-thirds made changes to their security staff. That last part made me laugh because we have seen many firings after a successful ransomware attack, the success coming from the ineptitude of whomever was handling their cybersecurity.

It is odd to me that almost a quarter of ransomware victims don't plan to make changes to their cybersecurity policies, which of course puts them at risk of becoming victims again. This is especially true in a work-from-home world.

Two quick pointers: Make sure that systems are updated with the latest security patches. We handled one case where the person in charge of cybersecurity had a "no patch" policy because he believed that patches "broke things." True once in a while, but the risk of not patching is huge. Also, use two-factor authentication anywhere you can.

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225|Fairfax, VA 22030
Email: Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson