Hackers have increasingly gravitated to ransomware attacks in 2020, as being one of the best and most reliable paths to a payday.
That brings to mind an interesting question though. Naturally, the viability of this type of attack comes down to what percentage of victims are willing to actually pay the ransom, and what is that number as of right now?
Crowdstrike recently took a deep dive into the best available data to find out. They discovered that slightly more than one in four (27 percent) of companies that fall victim to a ransomware attack wind up paying the toll, rather than restoring from backup, and the average ransom demanded is now slightly higher than $1 million USD.
Given the steady rise in popularity of this type of attack, and how easy it is to avoid paying the ransom, one might wonder why such a high percentage of business owners opt to pay up. There are two parts to the explanation.
First, although it does seem that on the surface of things, it's easy to set the conditions that would make it easy to recover from such an attack (have regular backups). However, unfortunately in practice, that's easier said than done. Few companies back up their entire network from end to end, so even if they've got current backups, there's going to be lost data and it's going to take quite some time to restore full functionality, figure out what's missing, try and recreate that data, etc.
The other issue is that in a surprising number of cases, a company's backup plan isn't as robust or as complete as they imagined it was. We've seen instances where the company's CEO thought they were doing backups on a weekly basis, only to discover that the last good backup they had available was from six months before.
When you suffer from a ransomware attack and then find out your last backup is six months old, you don't really have any other moves to make. You pay up and hope the hackers deliver on their promise to unlock your files.
Given the prevalence of ransomware attacks, if you're not preparing for one, you should be. When was your company's last backup taken? How sure about that are you?