Article by Jaco Liebenberg, May 11 2021

 

In a recent article, Forbes concluded that “it doesn’t pay to pay” a ransom because paying doesn’t guarantee you’ll get your data back. This conclusion rests on the strength of a survey commissioned across 30 countries in January and February this year, involving 5400 IT decision-makers.

The State of Ransomware 2021 survey reports that of all the medium-size organisations that paid a ransom, only 8% got their data back. In other words, a startling 92% didn’t get what they’d been promised after transferring the cash.

The survey also showed that 37% of respondents experienced a ransomware attack in the past year. Typically, the ransomware held users to ransom by encrypting their data or locking them out of their devices. The figure is down from 51% in 2020 and 54% in 2017, so that, at least, is encouraging.

What comes as a surprise is that MORE organisations decided to pay a ransom in 2021 than in 2020. The trigger for this response isn’t certain, but it points to the fact that best practices on how to respond to ransomware aren’t clear.