Just over a quarter of ransomware victims that paid off their attackers did so even though they did not need to, according to the latest annual State of Ransomware report from Sophos.
The study of more than 5,000 organisations found that the volume and impact of ransomware attacks continued on a relentless upward trajectory last year, with 66 percent of organisations hit by ransomware attacks in 2021, up from 37 percent in 2020.
Sophos found the average pay-out grew by nearly five times to $812,360 (£646,709), and the proportion of organisations paying over a million dollars to get their data back grew from four per cent in 2020 to 11 percent in 2021. Sophos said 46 percent of victims paid some kind of ransom and but 26 percent paid even if they had the means to restore encrypted data.
Sophos principal research scientist at Chester Wisniewski said: “There could be several reasons for this, including incomplete backups or the desire to prevent stolen data from appearing on a public leak site. In the aftermath of a ransomware attack, there is often intense pressure to get back up and running as soon as possible.
“Restoring encrypted data using backups can be a difficult and time-consuming process, so it can be tempting to think that paying a ransom for a decryption key is a faster option. It’s also an option fraught with risk. Organisations don’t know what the attackers might have done, such as adding backdoors, copying passwords and more. If organisations don’t thoroughly clean up the recovered data, they’ll end up with all that potentially toxic material in their network and potentially exposed to a repeat attack.”