SecurityBrief US - Technology news for CISOs & cybersecurity decision-makers

Organisations increasingly refuse ransom demands, says DBIR report

Today

The latest edition of the Verizon Data Breach Investigations Report (DBIR) has highlighted significant shifts in global cyberthreat trends, particularly surrounding the ongoing challenge of ransomware attacks. The report, published this week, provides a comprehensive analysis of notable incidents and tactics used by cybercriminals over the past year and offers insight into both the evolution of cyberattacks and changing defensive strategies in organisations globally.

One of the key findings in this year's report is a notable decline in the number of organisations paying ransoms following a ransomware attack. The DBIR indicates that ransomware was involved in 44% of data breach incidents, but 64% of affected organisations did not accede to ransom demands. This development suggests an increasing awareness of best practices among businesses and a potential shift in strategy by corporate leadership and IT teams in response to ransomware's perennial threat.

Andrew Costis, Engineering Manager of the Adversary Research Team at AttackIQ, reflected on these findings, stating, "It's encouraging to see a decline in ransomware payments. This could be partially due to greater awareness, plus various takedown operations by law enforcement and international efforts in recent years. The decline could also be a result of improved resilience, which may also be linked to improving business continuity planning and maturing responses to ransomware."

Despite the fall in ransom payments, Costis cautioned that the threat is far from abating, indicating that perpetrators are adapting their tactics and finding new targets. "Attacks are still continuing to evolve due to the rise in incidents. Attackers have adapted, and are targeting companies with limited security resources, which makes it imperative that SMB organisations receive the support that is required to fend off these attacks," he added.

Nick Tuasek, Lead Security Automation Architect at Swimlane, also weighed in on the report's findings, noting the ongoing transformation of ransomware operations. "Ransomware's rise in impact will continue to increase in the coming years with the popularisation of Ransomware as a Service (RaaS) on the dark web, sophisticated insider threat recruitment efforts by ransomware operators, and the continued rise of the cryptocurrency economy."

Tuasek echoed the sentiment that industry collaboration and consistent refusal to pay ransoms are vital to stemming the tide of attacks. "It's great news that fewer organisations are paying the ransoms. The only way to get ransomware to stop is to band together as an industry and make it no longer profitable by refusing to pay the ransoms," he said.

The DBIR also points to a disproportionate impact on smaller businesses, underscoring the vulnerabilities faced by organisations with fewer resources. Tuasek highlighted several reasons behind this vulnerability: "There are a few reasons why these organisations are more vulnerable to ransomware attacks, the first being lower general cybersecurity maturity. A robust cybersecurity programme or hiring an MSSP can be priced outside the reach of small organisations. Additionally, a lack of mature disaster recovery procedures or processes in smaller organisations is common, meaning these organisations may be more tempted to pay the ransom to regain access to their data and network quickly."

The report's findings add to ongoing discussions among policymakers, business leaders, and cybersecurity experts about the need for increased investment in security infrastructure, especially for smaller organisations. Many agree that further cooperation between private and public sectors, coupled with effective law enforcement action and technological innovation, will be critical in combating the continuing evolution of ransomware and broader cyberthreats facing enterprises worldwide.
