Would You Pay a Cyber-Extortionist?
Organizations that have suffereda ransomware attack before are more likely to pay up again, and keep mum about it too, according to a ThreatTrack study. Overall, 30 percent of enterprises surveyed said they would negotiate with cybercriminals for the safe recovery of stolen or encrypted data. In companies that had been victims of cyber-extortionists before, that number jumped to 55 percent.
Eighty-six percent of respondents believed that other organizations have negotiated with cyber criminals, and 23 percent (43 percent of previous victims) said enterprises should start budgeting money for the purpose of paying ransoms. Fifty-nine percent of all respondents say cyber insurance providers should hire professional negotiators to liaise between victim organizations and criminals.
Most opposed to the idea of paying ransoms were healthcare enterprises (92 percent against) and financial services (80 percent against). Respondents in retail and telecom sectors were most concerned about their reputation with consumers should an attacker choose to publish stolen data if the company refused to pay.