Kaspersky report reveals 9-in-10 organizations already attacked by ransomware would pay ransom if targeted again

For Anti-Ransomware Day on May 12, 2022, global cybersecurity company Kaspersky took a snapshot of business executives’ attitudes towards ransomware.

A Kaspersky report found that 88% of organizations previously attacked by ransomware, business leaders would choose to pay a ransom if faced with another attack.

According to the report “How business executives perceive ransomware threat”, 33% these previously attacked companies are also more inclined to pay as soon as possible to get immediate access to their data, versus 15% of companies that have never been victimized.

Of those previously attacked companies, 30% would pay only after a couple of days of unsuccessful decrypting attempts, versus 19% who haven’t been a victim.

Across organizations that have yet to be victimized, only 67% would be willing to pay, and they would be less inclined to do so immediately. While ransomware remains a prominent threat, with two-thirds (64%) of companies already having suffered an attack, paying ransom seems to be perceived by executives as a reliable way of addressing the issue.

Business leaders within organizations that have previously paid a ransom seem to believe that this is the most effective way to get their data back with 97% of them willing to do this again.

This willingness for companies to pay could be attributed to having little awareness of how to respond to such threats, or to the length of time it takes to restore data, as businesses can lose more money waiting for data restorations than they would paying the ransom.

Ransomware remains a real threat to cybersecurity. Two-thirds (64%) of companies confirm they have experienced this type of incident and 66% anticipate that an attack on their business will happen at some stage, viewing it as more likely than other common attack types, such as DDoS, supply-chain, APT, cryptomining or cyber-espionage.

Kaspersky corporate product marketing vice president Sergey Martsynkyan said ransomware has become a serious threat to corporations with new samples regularly emerging and APT groups using it in advanced attacks.

“Even an accidental infection can cause problems for a company. And because it’s about the business continuity, executives are forced to make tough decisions about paying the ransom.

“Giving money to criminals is never recommended though, as this doesn’t guarantee that the encrypted data will be returned and it encourages these cybercriminals to do it again.

“At Kaspersky, we are working hard to help the business community avoid such outcomes. It is important for companies to follow basic security principles and look into reliable security solutions to minimize the risk of a ransomware incident. On Anti-Ransomware Day, it is worth remembering these practices,” he said.