HOUSTON–A new survey of companies across the country said it has discovered that an “alarming” one-in-three organizations have paid off cybercriminals following a breach in order to either regain control of data or their systems.
The survey involved 519 “cyber decision-makers” across the U.S. and was conducted by Bridwell, a provider of cybersecurity solutions.
According to the company, it found 36% of breached critical infrastructure organizations have paid off cybercriminals after a ransomware attack, “creating colossal implications,” 66% having experienced at least one ransomware attack in the past year.
The Findings
Among the other findings, according to Bridwell:
- 38% suffered up to five ransomware attacks, but a small percentage of organizations (32%) experienced more than 100 attacks. “In certain situations, for example, when an organization has no ability to recover from a successful attack, there may be no choice other than to pay the ransom,” the company said. “However, payment can risk infringing UK and US laws that prohibit dealings with sanctioned individuals or entities. At present, prosecutions are uncommon, however, the U.K. and U.S. governments have floated the idea of implementing a payment ban.”
- The research findings expose the multiple consequences of a ransomware attack on the U.S. critical infrastructure. Over a third of respondents, for example, cited a psychological impact on employees (36%). Downtime (43%), data loss (43%) and reputational damage (41%) are all repercussions that respondents say their organizations have suffered, along with operational disruption (40%), Bridewell reported.
- 36% are also facing increased insurance premiums, and 35% have also incurred financial losses from legal fees or fines. The average cost of a ransomware attack on US critical infrastructure organizations is now $509,942, the research reveals. “Impacts are exacerbated by the length of time it takes organizations to respond to ransomware attacks, with the average now being 16 hours,” the company said. “Without a proactive strategy to address this significant challenge of response delays, more organizations risk paying a ransom.”
- 91% U.S. respondents in the research agree that attacks are more sophisticated, with ransomware-as-a-service (RaaS) deployed with greater knowledge and cunning. “Threats are on the rise through increasing professionalization in the ransomware world and the entry of organized crime groups from other areas of criminality,” Bridewell stated.
Last Resort
“If you fall victim to a ransomware attack, paying the ransom should always be your last resort. Aside from the risk that cybercriminals may not restore access upon payment, there are also potential legal consequences to consider,” Anthony Young, CEO at Bridewell, said in a statement. “That being said, there are certain situations where organizations have no choice other than to pay. If the organization has no ability to recover, then paying the ransom may represent the only viable option to resume operations other than rebuilding their systems from scratch. However, this difficult choice is avoidable by having a security strategy to reduce the risk of threat actors gaining access and transversing through your systems without discovery and effective removal…”
How to Sign Up For the Best Daily News Email in Credit Unions? (It’s Free!)
Every workday CUToday.info delivers the most comprehensive, freshest daily newsletter with the day’s news headlines, including links to the related articles. The Fresh Today newsletter is the most timely, relevant and widely-read source of news and information in the CU community. And it’s free!
If you haven’t yet signed up for the new email solution on which CUToday.info has partnered with ResponseGenius, you can do so here. Signing up requires less than one minute of your time—and it’s free!
Please note that after signing up you may need to go to your Spam/Junk folder and mark the morning headlines email as safe. CUToday.info does not provide its list of readers and emails to outside parties,
And did we mention it’s free?