Paying Ransom Doubles Ransomware Attack Recovery Cost, Says Sophos

Many organisations have always considered paying cyber ransom whenever they are hit by a ransomware attack. Doing so might however not be a good idea as it may double their incident recovery costs, according to “The State of Ransomware 2020” report from cybersecurity company Sophos.

The average cost of addressing a ransomware attack according to a global survey done by Sophos was approximately $730,000 for organizations that did not pay a ransom. This cost the report says rose to $1.4 million among organizations that paid a ransom.

The survey polled 5,000 IT decision makers in organizations in 26 countries across six continents, including Europe, the Americas, Asia-Pacific and central Asia, the Middle East, and Africa. 

The survey also notes that more than half (51%) of organizations had experienced a significant ransomware attack in the previous 12 months, compared to 54% in 2017. In the MEA region, 43% of the organizations surveyed mentioned a ransomware attack in the last one year. Globally Data was encrypted in nearly three quarters (73%) of attacks that successfully breached an organization, while in the MEA region, it was 63%. 

More than one quarter (27%) of organizations hit by ransomware admitted paying the ransom. The survey also revealed 23% of the organizations that were attacked in the MEA region admitted to paying the ransom.

“Organizations may feel intense pressure to pay the ransom to avoid damaging downtime. On the face of it, paying the ransom appears to be an effective way of getting data restored, but this is illusory. Sophos’ findings show that paying the ransom makes little difference to the recovery burden in terms of time and cost. This could be because it is unlikely that a single magical decryption key is all that’s needed to recover. Often, the attackers may share several keys and using them to restore data may be a complex and time-consuming affair,” said Chester Wisniewski, principal research scientist, Sophos. 

More than half (56%) the IT managers surveyed were able to recover their data from backups without paying the ransom compared to 60% in the MEA region. In a very small minority of cases (1%) globally and 3% in the MEA region, paying the ransom did not lead to the recovery of data. This figure rose to 5% for public sector organizations. In fact, 13% of the public sector organizations surveyed never managed to restore their encrypted data, compared to 6% overall. 

However, contrary to popular belief, the public sector was least affected by ransomware, with just 45% of the organizations surveyed in this category saying they were hit by a significant attack in the previous year. At a global level, media, leisure and entertainment businesses in the private sector were most affected by ransomware, with 60% of respondents reporting attacks.

Follow us on Telegram, Twitter, Facebook, or subscribe to our weekly newsletter to ensure you don’t miss out on any future updates.