
Paying ransomware gangs could fund up to ten additional attacks

The research from Trend Micro highlights the potential domino effect of paying ransoms

Ransomware victims that cave to extortion demands inadvertently fund between six and 10 new attacks, according to research from Trend Micro.

Analysis of ransomware attack methods and the tactics employed by cyber criminal gangs over the last year found that businesses that choose to pay ransoms end up providing vital finances for threat actors, enabling them to continue targeting organisations. 

While Trend Micro’s research found that these businesses only constitute 10% of victims, the broader impact is felt acutely by other firms.

“This is an ethical decision to make for victimised organisations at the board level when considering whether to pay a ransom,” the report stated.

“By paying the ransom, a victim would be directly financing the ransomware group and enabling it to impose the same damage on other organisations.” 

Additionally, the research found that those who pay ransoms end up paying more on average: because most businesses refuse to negotiate, gangs raise their demands on the minority who do pay in order to maintain profitability.

“Those who pay – and these are usually larger companies that can afford – are demonstrating a willingness to pay, and the ransomware threat actors are demonstrating willingness to accept,” the report noted.  

“This will drive a natural tendency toward higher payments if these ransomware groups are to remain profitable. Thus, in today’s world, it is safe to assume that those who do pay are paying over the odds.” 

Pay the price, then pay again

Trend Micro said there is also “increasing evidence” to suggest that paying ransoms only increases the overall cost of an incident, rather than reducing it.  

Paying might result in an organisation regaining control of its data, but follow-up costs due to business disruption and customer hesitancy can place significant strain on finances. 

“The business interruption costs during that period of restoration still take place, even after the victim has paid the ransom,” the report stated.  

“The share price reduction will also still take place, just as the public relations costs, credit monitoring costs, and incident response costs will all still need to be paid. Ultimately, victims could still be liable under various jurisdictions for the effects of a data breach. All of these contribute to a world where paying the ransom only increases the cost of the incident.” 

Ransom payment conundrum

In recent years, businesses have been advised not to engage with cyber criminal outfits or pay ransoms in the event of compromise. 

Guidance issued by the National Cyber Security Centre (NCSC) states that “law enforcement does not encourage, endorse, nor condone the payment of ransom demands”.


The NCSC says that there is “no guarantee” that an organisation will successfully regain access to stolen data and that engaging with groups directly funds criminal activity.

Its long-held stance was evidenced in the recent attack on Royal Mail International which led to the LockBit ransomware group publishing the entire negotiation transcript.

The NCSC is believed to have played a role in the negotiations, confirming it was involved in the investigation of the incident from the outset.

Research has also shown that businesses that pay demands are more likely to be targeted in future.

In July last year, the UK's cyber authority warned businesses to avoid paying ransoms in a joint statement with the Information Commissioner’s Office (ICO).  

The joint letter, addressed to the Law Society, asked the organisation to “remind its members” of their advice on ransomware payments. 

The call-to-action followed analysis from both the ICO and NCSC which found that there had been an increase in ransomware payments.  

“In some cases solicitors may have been advising clients to pay, in the belief that it will keep data safe or lead to a lower penalty from the ICO,” the NCSC said in a statement at the time.  

In the United States, businesses are urged to follow similar guidance on negotiating with cyber criminals. The FBI and Department of Homeland Security strongly advise against paying ransoms.

Nonetheless, this has not deterred businesses. Earlier this month, UK software company ION Trading reportedly paid a ransom to recover seized files after it was successfully breached by the LockBit ransomware gang.  
