When an attacker manages to extort money from a ransomware victim, they rarely use the money to go on vacation, instead using the newly acquired money to fund more cybercrime activities, new research finds.
A report by Trend Micro claims that while only 10% of ransomware victims end up paying the ransom, the money paid is often used in future attacks.
The report also revealed that victims who agree to pay the ransom usually do so quickly and are often forced to pay more per incident.
Funding more attacks
Moreover, while the risk is not homogeneous and differs by sector, company size, country, and so on, there is a certain similarity between them. Victims in some countries and some industries tend to pay higher demands than others, making them a more popular target for attackers.
Usually, companies are advised against paying the ransom. The payment does not guarantee that they will get their data back, even partially. At the same time, it motivates the attackers to continue their ransomware operations. Finally, there is no guarantee that the same organization will not be targeted again, whether by the same threat actor or by someone completely different.
Trend Micro also added that paying the ransom “often only results in driving up the total cost of the incident with little other benefit.”
Instead, companies must build their infrastructure and be prepared for possible attacks. The best times of year to do this are January and July-August, as those are the times when ransomware monetization activity is lowest, the researchers said.
“By prioritizing protection left of the kill chain, continuing an in-depth analysis of the ransomware ecosystems, and focusing global efforts on reducing the percentage of paying victims,” companies could make ransomware attacks less profitable for the attackers.