Paying ransomware gangs could fund up to ten additional attacks
The research from Trend Micro highlights the potential domino effect of paying ransoms


Ransomware victims that cave to extortion demands inadvertently fund between six and 10 new attacks, according to research from Trend Micro.
Analysis of ransomware attack methods and the tactics employed by cyber criminal gangs over the last year found that businesses that choose to pay ransoms end up providing vital finances for threat actors, enabling them to continue targeting organisations.
While Trend Micro’s research found that these businesses only constitute 10% of victims, the broader impact is felt acutely by other firms.
“This is an ethical decision to make for victimised organisations at the board level when considering whether to pay a ransom,” the report stated.
“By paying the ransom, a victim would be directly financing the ransomware group and enabling it to impose the same damage on other organisations.”
Additionally, the research found that those who pay ransoms end up paying more on average: because most businesses refuse to negotiate, gangs raise their demands on the minority who do pay in order to maintain profitability.
“Those who pay – and these are usually larger companies that can afford – are demonstrating a willingness to pay, and the ransomware threat actors are demonstrating willingness to accept,” the report noted.
“This will drive a natural tendency toward higher payments if these ransomware groups are to remain profitable. Thus, in today’s world, it is safe to assume that those who do pay are paying over the odds.”
Pay the price, then pay again
Trend Micro said there is also “increasing evidence” to suggest that paying ransoms only increases the overall cost of an incident, rather than reducing it.
Paying might result in an organisation regaining control of its data, but follow-up costs due to business disruption and customer hesitancy can place significant strain on finances.
“The business interruption costs during that period of restoration still take place, even after the victim has paid the ransom,” the report stated.
“The share price reduction will also still take place, just as the public relations costs, credit monitoring costs, and incident response costs will all still need to be paid. Ultimately, victims could still be liable under various jurisdictions for the effects of a data breach. All of these contribute to a world where paying the ransom only increases the cost of the incident.”
Ransom payment conundrum
In recent years, businesses have been advised not to engage with cyber criminal outfits or pay ransoms in the event of compromise.
Guidance issued by the National Cyber Security Centre (NCSC) states that “law enforcement does not encourage, endorse, nor condone the payment of ransom demands”.
The NCSC says that there is “no guarantee” that an organisation will successfully regain access to stolen data and that engaging with groups directly funds criminal activity.
Its long-held stance was evidenced in the recent attack on Royal Mail International, which led to the LockBit ransomware group publishing the entire negotiation transcript.
The NCSC is believed to have played a role in the negotiations, confirming it was involved in the investigation of the incident from the outset.
Research has also shown that businesses which pay demands are more likely to be targeted in future.
In July last year, the UK's cyber authority warned businesses to avoid paying ransoms in a joint statement with the Information Commissioner’s Office (ICO).
The joint letter, addressed to the Law Society, asked the organisation to “remind its members” of their advice on ransomware payments.
The call-to-action followed analysis from both the ICO and NCSC which found that there had been an increase in ransomware payments.
“In some cases solicitors may have been advising clients to pay, in the belief that it will keep data safe or lead to a lower penalty from the ICO,” the NCSC said in a statement at the time.
In the United States, businesses are urged to follow similar guidance on negotiating with cyber criminals. The FBI and Department of Homeland Security strongly advise against paying ransoms.
Nonetheless, this has not deterred businesses. Earlier this month, UK software company ION Trading reportedly paid a ransom to recover seized files after it was successfully breached by the LockBit ransomware gang.

Ross Kelly is ITPro's News & Analysis Editor, responsible for leading the brand's news output and in-depth reporting on the latest stories from across the business technology landscape. Ross was previously a Staff Writer, during which time he developed a keen interest in cyber security, business leadership, and emerging technologies.
He graduated from Edinburgh Napier University in 2016 with a BA (Hons) in Journalism, and joined ITPro in 2022 after four years working in technology conference research.
For news pitches, you can contact Ross at ross.kelly@futurenet.com, or on Twitter and LinkedIn.