Study Reveals That Paying a Ransom Increases Two-fold the Expense of Recovery from a Ransomware Attack

Organizations that suffer a ransomware attack may be tempted to pay the ransom to reduce downtime and recovery costs, yet a Sophos survey shows that organizations that pay the ransom actually end up spending far more than those that restore their files from backups.

The FBI does not endorse paying a ransom, since doing so gives threat actors the funds to carry out even more attacks on victims. In addition, there is no assurance that the attackers will hand over working decryption keys. The higher cost of recovery can now be added to the list of reasons not to pay.

The market research agency Vanson Bourne conducted the survey between January and February 2020 among roughly 5,000 IT decision makers at firms with 100 to 5,000 employees across 26 countries, including Canada, the United Kingdom and the United States.

51% of respondents said they had suffered a ransomware attack in the past 12 months; 73% reported that the attack resulted in data encryption. 26% of the attacked organizations paid the ransom and 73% did not. 56% of organizations said they had recovered their files from backups. Of the organizations that paid the ransom, 95% reported that they had retrieved their data; 1% of organizations that paid the ransom said they did not retrieve their data.

84% of companies said they had a cyber insurance policy, but only 64% stated that the policy covered ransomware attacks. Of the 64% with insurance cover for ransomware attacks, 94% said the insurer paid the ransom.

Ransomware attack victims were asked to estimate the cost of the attack, including downtime, staff costs, device costs, lost revenue, and other related costs. The average cost when the organization did not pay the ransom was $732,520. The cost for businesses that paid the ransom was close to twice that amount: $1,448,458.

The ransom itself, which is usually large, has to be paid, and many of the expenses associated with an attack are incurred even when the ransom is paid. Paying the ransom may seem an attractive way to recover faster, but in practice recovery time may not be reduced significantly. Often a separate decryption key is needed for each endpoint, so recovery is still an extremely time-consuming process, and one that may not go smoothly. It is also not uncommon for data to be corrupted during encryption and decryption.

The take-home lesson is to make sure you have the option of restoring files from backups, which means keeping multiple backups with one copy stored on an air-gapped device. Backups must also be tested to confirm that the data has not been corrupted and that files can actually be restored. You should then follow the FBI's advice and not pay the ransom unless you have no other option.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of the HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism. Follow Elizabeth on Twitter: https://twitter.com/ElizabethHzone