The lack of trustworthiness of ransomware operators was highlighted in a global study of ransomware victims. It was found that in most cases, the extortion merely continues even after paying the ransom. This is not a surprise or novel finding, but seeing it represented in actual figures allows one to fully grasp the scope of the problem.
Venafi, a cybersecurity firm, performed the study, and the following are the most critical conclusions from the respondents:
- 83% of ransomware victims who paid the demanded amount were extorted a second, third, or even fourth time.
- The data of 18% of victims who paid the ransom was still exposed on the dark web.
- The attackers sought to extort their clients after 8% of them refused to pay the ransom.
- Despite paying the ransom, 35% of victims could not retrieve their data.
Extortion strategies used by ransomware actors are characterized as follows:
- In 38% of cases, ransomware attacks threatened to use stealthily obtained data to extort consumers.
- In 35% of cases, ransomware attacks threatened to reveal stolen data on the dark web.
- In 32% of cases, ransomware attacks threatened to directly notify the victim’s clients about the data breach event.
Several reasons contribute to the lack of trust in ransomware attackers’ hollow claims to their victims:
- To begin with, most RaaS enterprises are short-lived. Therefore, their primary goal is to maximize earnings in the shortest amount of time. As a result, they are unconcerned with their long-term reputation.
- Secondly, many renegade affiliates do not adhere to the regulations established by the leading ransomware operators, and enforcing these rules is rarely a priority for these organizations.
- Lastly, even if the data isn’t immediately exposed, the relics of data breaches can be kept on different threat actor systems for a long time and nearly always find their way to the larger cyber-crime community sooner or later.
As Venafi points out in its research, paying the ransom just encourages fraudsters to come back for more since it conveys the message that the victim sees this as the simplest route out of difficulties, which is a deception. This study backs up the conclusions of another Proofpoint analysis released recently, which details the findings of a poll of thousands of employees and hundreds of IT experts conducted in seven countries.
In 2021, 70% of poll respondents said they would have suffered at least one ransomware attack. 60% of them chose to negotiate with the attackers, and many paid the ransom multiple times. In conclusion, victims should not give in to ransomware demands, but rather recover systems and data from backups and report the event to law enforcement and data protection authorities.
