#BHUSA: Ransom Payments Surge, Organizations Pay Average of $2.5m


Most organizations pay ransoms when they find themselves the victim of a ransomware attack, a new survey by ExtraHop has highlighted.

In a report released at Black Hat USA, ExtraHop found that the average number of ransomware incidents per organization in 2023 was eight, and that 22% of organizations deem ransomware to be the biggest risk they face.

The firm surveyed 1100 IT and cybersecurity leaders in different industries across the globe to gather its findings.

Ransom Payments Skyrocket

The average ransom payment was $2.5m, with the government sector having the largest percentage of organizations paying upwards of $25m in total ransom payments, according to ExtraHop.

It was recently reported that cybersecurity firm Zscaler had uncovered evidence of a $75m ransom payment made by an undisclosed entity to the cybercriminal group Dark Angels.

This payment can be considered a very significant payout, especially since it targeted a single, undisclosed victim, Jamie Moles, Senior Technical Manager at ExtraHop, told Infosecurity.

“Knowing that ransomware activity is increasing year-over-year, we can expect this won’t be the last of this scale. It’s likely that – while still a rarer occurrence – this large payout will unfortunately not be the last one we see,” he said.

ExtraHop found that government sector payments were just over $3.8m per incident on average. The cybersecurity firm also found that this sector was the most likely to pay more than $25m in ransomware payments.

Organizations with more than 5000 employees were more likely to pay the ransom every time and, on average, paid more than $4m per ransom payment.

The perceived risk of ransomware varied depending on geography, with 44% of German respondents stating it as the biggest risk to their organizations while just 15% of US and 12% of French respondents concurred.

In terms of ransom payments, payouts were highest in the US and Singapore.

Why Companies Pay Ransom Demands

The decision to pay a ransom is a complex one and varies on a case-by-case basis.

In 2024, we have seen CDK Global make a $25m payout and Change Healthcare pay $22m to cybercriminals.

Moles pointed out that the decision to pay is often driven by a desire to minimize immediate financial and operational disruption.

“The fear of data loss, coupled with the pressure of maintaining business continuity and public confidence, can influence an organization’s decisions. However, it's important to emphasize that paying a ransom does not guarantee data recovery or prevent future attacks,” Moles said.

He noted that paying ransoms is a significant threat to overall cybersecurity and by submitting to demands, companies inadvertently fund cybercriminal networks.

“Some organizations have the perspective of paying the ransom as a way to quickly move past the incident. This culture of capitulation discourages robust cybersecurity investments, as organizations may prioritize quick fixes over long-term resilience. Ultimately, ransom payments contribute to a riskier digital landscape for everyone, as it fuels a sophisticated and adaptable criminal ecosystem,” Moles said.

Defending Against Ransomware Attacks

Cybersecurity professionals continue to be challenged to protect their organizations against ransomware attacks amid a rapidly evolving cyber-threat landscape.

Attackers are adept at exploiting human error, adopting new technologies such as GenAI and exploiting software vulnerabilities.

Moles also noted that ransomware groups are showing increased sophistication in targeting the critical infrastructure, government and healthcare sectors, underscoring the urgent need for robust cybersecurity measures and proactive threat intelligence.

“To best future-proof their security stacks, organizations need to adopt solutions that build resilience and minimize cyber risk,” Moles said.
