Last Updated on 08/12/2021 by Sunaina
According to CrowdStrike, 96 percent of ransomware victims who agree to their extortionists’ demands are then compelled to pay extra costs totaling hundreds of thousands of dollars.
The 2021 CrowdStrike Global Security Attitude Survey was compiled from interviews with 2,200 top IT and cybersecurity decision makers in the United States, Europe, and Asia Pacific.
It found that two-thirds (66 percent) of respondents had experienced at least one ransomware attack in the previous year, with average payouts increasing by 63 percent. Average payouts were lowest in EMEA ($1.3m), followed by the United States ($1.6m), and highest in APAC ($2.4m).
The average demand from ransomware groups was $6 million. The difference between this sum and what victims wind up paying, according to CrowdStrike, is due to corporations being better at negotiating and understanding their risk exposure.
Threat actors, on the other hand, are attempting to recoup money in other ways, most notably by extorting the same victims multiple times for the same attack. According to the analysis, these additional payments cost victims an average of $792,493.
“One of the worst mistakes that a firm that becomes a victim of a ransomware attack may make is believing that paying the ransom would make all of your troubles disappear,” CrowdStrike’s EMEA CTO, Zeki Turedi, told Infosecurity.
“What most organizations are completely unaware of is that not only will paying the ransom almost certainly result in another attack in the future, but it also leaves them in the position of still needing to fully recover from a catastrophic event while also further fueling the cyber-criminal system.” Turedi suggested that corporations would be better served investing in improved security procedures.
However, the survey found major shortcomings in this area as well. Respondents estimated that it would take 146 hours on average to discover a cybersecurity attack, up from 117 hours in 2020. Once a security incident is found, it takes organizations 11 hours to triage, analyze, and understand it, and 16 hours to contain and remediate it. 69 percent of respondents reported an incident as a result of staff working remotely.