9 out of 10 made at least one ransomware payment

Ransomware attacks have risen dramatically in just over a year, which has led to the vast majority of IT decision-makers reporting they've made at least one payment in the same timeframe.

These were among the findings of cybersecurity solutions company ExtraHop, which found that 95% of people who provide input into their company's IT decisions reported experiencing at least one ransomware incident last year. The average number of incidents, which include both successful and non-successful ransomware attempts, was eight. The data indicates that organizations are increasingly losing ground against ransomware; while 9% said they experienced no incidents in 2022, last year that proportion shrank to 5%. ExtraHop said that, in the most recent survey, 58% of organizations experienced six or more incidents in 2023, up 32% year over year.

Further, people are actually paying these ransoms more often. ExtraHop said 91% of organizations paid at least one ransom last year, and 75% of respondents said they paid more than half the time. The number of organizations never having paid a ransom has significantly decreased — in the 2022 survey results, 28% of respondents never paid the ransom, compared to 17% in 2023 and 9% in 2024.

"We suspect more organizations are paying ransoms because they can't afford not to pay. This could be due to a variety of factors. For one, they may lack the business and operational resilience to weather a ransomware attack. So they pay the ransom out of desperation or necessity, believing that paying the ransom provides them with the quickest path back to restored business operations. And when people's health or lives are at stake, some organizations have no choice but to pay," said the report, though it noted that paying the ransom doesn't guarantee an organization will get its data back, and that other research shows that organizations that have fallen victim to a ransomware attack are six times more likely to be targeted again over the next three months.

The most common payment amount, taking up 41.6% of ransoms, was somewhere between $500,000 and $1 million.

This is part of the overall trend of growing cybercrime costs. A February study from Statista said that in 2024 alone the global cost of cybercrime is expected to be $9.22 trillion — an eye-watering sum that is roughly equal to the GDP of Japan and Germany combined. By 2028, costs are estimated to rise even further to $13.82 trillion, just four trillion short of China's entire GDP. This cost included stolen money, damage and destruction of data, lost productivity, theft of intellectual property, theft of personal or financial data, post-attack disruption to the ordinary course of business, restoration and deletion of hacked data and systems, and reputational harm.

Putting things in private sector terms, the estimated cybercrime toll in 2024 is about as big as the total market caps of Microsoft, Apple, Google and NVIDIA combined — or about 19 times the total value of Walmart.

Costs like this include ransomware, yes, but other kinds of cybercrime as well, like identity theft, which tends to be driven by data breaches. These, too, are on the rise according to cybersecurity solutions provider Surfshark, with data breaches having grown by 434.9% from just Q3 to Q4 of 2023. In the third quarter of 2023, 627 accounts were being breached every minute. In the fourth quarter, however, 3,353 accounts were leaked every 60 seconds. The U.S. experienced about 90 million breaches, more than any other country; China was a distant second, at about 70 million. However, when looking at things in terms of growth, the data shows that the Central Asian nation of Kyrgyzstan seems to be under some sort of cybercrime wave, as breaches have increased 19,240% over the course of a year.

Regardless, numbers like these indicate that cybercrime is, unfortunately, a booming business.

"Some still believe a typical hacker is just a guy wearing a hoodie in a dark room. But that isn't true anymore. Cybercrime has evolved into a professionalized global enterprise with skilled hackers, nation-state backed groups, and organized cybercrime rings working in tandem," said Carlos Salas, a cybersecurity expert at virtual private network provider NordLayer.
