Organisations are giving in to the demands of cybercriminals and it is costing them big time. That is to say that over a quarter of organisations that fall victim to ransomware attacks, feel there is just no other option other than to give in and payout. And on average, it is costing them over $1 million in ransom money.

After looking at responses from across the globe, from thousands of information security professionals and IT decision makers, a Crowdstrike study found that almost a third of their organisations had paid out the ransom demand after a breach. As a result of their network having been encrypted with ransomware.

However most law enforcement agencies would recommend that organisations should never give in and payout. But on the other hand, businesses want to get on with their business, so they opt for the way they believe is the fastest and simplest to restore the network.

Firstly, it’s important to note that if ransomware gangs are making good money it will encourage them even more to continue their campaigns.

Secondly, there is just no guarantee hackers will restore the network completely.

Moreover, falling victim to a cyberattack will in most cases mean a loss of income due to the business downtime.

So, falling victim to ransomware costs the organisation all round.

And just to reiterate, cyber-criminals have tapped into making good money, in some circumstances $1.1 million a pop on average. As a result, they’re generating a lucrative criminal enterprise by infecting networks with ransomware.

But becoming a victim does tend to be a bit of a wake – up call for most.

For instance

1. over 75% of those surveyed said in- order to reduce the risk of future attacks their organisation upgraded its security software and infrastructure.

2. over 66% of those surveyed said in- order to reduce the risk of future attacks there were changes made to security staff.

Meanwhile, why the other almost 25% of businesses who fall victim to ransomware attacks don’t make any changes to their cybersecurity plans, or even plan to, is unclear. But I guess they know the risks!

Most importantly, the risks have only increased due to the rise of people working from home because of the coronavirus pandemic.

Zeki Turedi, chief technology officer for EMEA at CrowdStrike says that “In a remote-working situation the attack surface has increased many times and security cannot be a secondary business priority.”

To avoid becoming a ransomware attack victim:

Firstly, ensure that systems are updated with the latest security patches. It can prevent cyber criminals taking advantage of known vulnerabilities to deliver their ransomware.

Secondly, deploy two-factor authentication throughout the organisation to make it harder for criminals to move around the network in the event of a breaching the perimeter. It stops them from compromising more of the network with ransomware or any other form of malware.

Any business would be watery eyed at even the thought of losing $1.1 million. So, it’s surprising that organisations are not better prepared considering the possibility of a huge payout.