New research has shown that when cybercriminals manage to extort money from a ransomware victim, they rarely spend the cash on holidays; instead, they use the newly acquired funds to finance more cybercrime activities.
A report from Trend Micro claims that while only 10% of ransomware victims pay the ransom, the amount paid is often used in future attacks.
The report also states that victims who agree to pay the ransom tend to do so quickly and are often forced to pay more for the incident.
Funding subsequent attacks
Moreover, although risk is not homogeneous and varies by sector, company size, country, etc., there is a certain degree of similarity between them. Namely, victims in some countries and certain industries tend to pay higher demands than others, making them a more popular target among attackers.
Typically, companies are advised against paying the ransom. Payment does not guarantee that they will recover their data, even partially. At the same time, it motivates attackers to continue their ransomware operations. Finally, there is no guarantee that the same organization will not be targeted again, by the same cybercriminal or by someone else entirely.
Trend Micro also added that paying the ransom “often just adds to the overall cost of the incident with few other benefits.”
Instead, companies should build up their infrastructure and prepare for potential attacks. The researchers found that January and July-August are the best times of year for this, as these are the times when ransomware monetization activity is lowest.
“By prioritizing protection to the left of the kill chain, continuing in-depth analysis of ransomware ecosystems, and focusing global efforts on reducing the percentage of paying victims,” companies can make ransomware attacks less profitable for attackers.