Which companies pay the buyout first and how much are they willing to pay?
A new study by Dutch specialist Tom Moers from the University of Twente has identified factors that affect the likelihood that victims of ransomware will pay ransom to attackers.
For the analysis, data from the Dutch police on 382 incidents and information from the incident response company on another 100 cases for the period from 2019 to 2022 were used. The vast majority of attacks were directed specifically at Dutch companies.
Of the 430 victims during this period, 28% decided to make concessions to hackers. The average purchase amount was just over 431,000 euros.
Companies that engaged third-party specialists were much more likely to agree to pay - more than 50% of cases, compared with 21% among those who applied only to the police.
Organizations that had insurance coverage for ransomware attacks paid significantly higher amounts on average - about 708,000 euros compared to 133,000 euros for uninsured firms. However, the presence of insurance did not affect the share of companies that agreed to the terms of the attackers: it was the same in both groups.
Although companies that had backed up their data were less likely to agree to pay a ransom, the amount of money they spent was higher. Probably the reason is that they had particularly valuable information that could not be allowed to be lost.
The decision to pay and the amount of the ransom was particularly strongly influenced by cases of data theft by intruders. In these situations, the share of those who paid increased to 40%, and the average amount of redemption was more than 13 times higher - about 1.2 million euros.
The most attractive targets were IT companies that paid more than 268,000 euros on average. This is due to the critical importance of their services for many customers.
The study revealed a number of factors that influence the behavior of victims in ransomware attacks. The scientists findings will help both companies and law enforcement agencies in the fight against the growing threat of ransomware attacks.
A new study by Dutch specialist Tom Moers from the University of Twente has identified factors that affect the likelihood that victims of ransomware will pay ransom to attackers.
For the analysis, data from the Dutch police on 382 incidents and information from the incident response company on another 100 cases for the period from 2019 to 2022 were used. The vast majority of attacks were directed specifically at Dutch companies.
Of the 430 victims during this period, 28% decided to make concessions to hackers. The average purchase amount was just over 431,000 euros.
Companies that engaged third-party specialists were much more likely to agree to pay - more than 50% of cases, compared with 21% among those who applied only to the police.
Organizations that had insurance coverage for ransomware attacks paid significantly higher amounts on average - about 708,000 euros compared to 133,000 euros for uninsured firms. However, the presence of insurance did not affect the share of companies that agreed to the terms of the attackers: it was the same in both groups.
Although companies that had backed up their data were less likely to agree to pay a ransom, the amount of money they spent was higher. Probably the reason is that they had particularly valuable information that could not be allowed to be lost.
The decision to pay and the amount of the ransom was particularly strongly influenced by cases of data theft by intruders. In these situations, the share of those who paid increased to 40%, and the average amount of redemption was more than 13 times higher - about 1.2 million euros.
The most attractive targets were IT companies that paid more than 268,000 euros on average. This is due to the critical importance of their services for many customers.
The study revealed a number of factors that influence the behavior of victims in ransomware attacks. The scientists findings will help both companies and law enforcement agencies in the fight against the growing threat of ransomware attacks.
