Please fill in the form below to subscribe to our blog

Is Paying the Ransom a Smart Choice? Many Businesses Think So

February 25, 2022

2 in 5 Business Just Pay The Extortionists & That’s a Bad Move


To pay or not to pay? That is the question that many businesses face these days after falling victim to a ransomware attack. Ransomware has exploded in the last few years, with businesses in the US seeing a 127% year-to-date increase in the number of ransomware attacks they face while UK businesses have seen an eye-popping 233% surge in ransomware infections. That puts more businesses than ever before in the unenviable position of deciding whether or not to pay the bad guys – and far too many of them are making the mistake of paying the extortionists’ demands. 


Is someone’s behavior suspicious? Learn to spot trouble fast with 5 Red Flags That Point to a Malicious Insider at Work.  DOWNLOAD IT>>


Who is Paying? 


In a 2021 FBI Internet Crime Complaint Center (IC3) report, FBI analysts disclosed that from January to July, IC3 received more than 2,000 ransomware complaints with more than $16 million in losses, a 20% increase in reported losses compared to the same time in 2020. Some industries definitely had it harder than others in 2021.

Industry% Increase in Ransomware Attacks
Governments and the Public Sector 1,885%
Healthcare 775%
Education152%
Retail21%

Source: Fortune Magazine, There’s a huge surge in hackers holding data for ransom, and experts want everyone to take these steps

Even if many executives and business owners don’t want to believe it, it doesn’t matter how big or small a business is, they’re all at risk of ransomware trouble: More than 50% of ransomware attacks hit companies with less than 100 employees. Unfortunately, that puts a lot of businesses in a somewhat desperate position, especially if they’ve neglected their incident response planning and don’t have access to recent data backups. Researchers determined that an estimated two-fifths or 39% of ransomware victims choose to pay the cybercriminals responsible for the attack, even though cybersecurity experts, government agencies and legal authorities advise companies not to.  


a cartoon image of hands with fingers pointed at an embarrased-looking white woman with a brown bob in professional clothing

Your company’s top security risk is already inside the building. Learn how to fix it with The Guide to Reducing Insider Risk. GET IT>>


How Much Are They Paying? 


How much were cybercriminals asking for? Ransom amounts vary but a few consistent patterns give us a glimpse at what a victim organization may be facing. The IBM Cyber Resilient Organizations Study 2021 offers some insight.  Only 35% of the impacted organizations in this study reported that their ransom demand was less than $2 million. Instead, the majority (46%) said that cybercriminals demanded ransoms of $2 – 10 million from their organizations and 19% reported a ransom demand of $10 million to more than $50 million. That squares with a report in Tripwire detailing the average ransoms paid by organizations. Researchers concluded that average paid ransom amounts have increased by 82%. The average demand is now a record $570,000 (£414,000), compared with just $170,000 (£123,000) in 2020. 

The Harris Poll interviewed 800 security decision-makers around the world to measure the impact of ransomware on their organizations, and it gathered some pretty interesting data that sheds light on the threat landscape that businesses are facing right now. A whopping 87% of respondents said their organization had been the victim of a successful cyberattack that left them holding the bag for damage, business disruption or a data breach in the last two years. Over half of those unfortunate organizations were ransomware victims. Over half (52%) were ransomware victims, with 39% paying up. Of these, 58% gave their attackers between $100,000 and $1 million, while 7% handed over more than $1 million.   


Be the hero that defeats your company’s security threats to declare victory over cybercriminals! GET THE GUIDE>>


Why Shouldn’t They Pay? 


The US Cybersecurity and Infrastructure Security Agency (CISA), US Federal Bureau of Investigation (FBI), the US National Security Agency (NSA), the United Kingdom’s National Cyber Security Centre (NCSC-UK) and the Australian Cyber Security Centre (ACSC), made their opinions about the wisdom of paying a ransom crystal clear in a recent joint advisory: “Cybersecurity authorities in the United States, Australia, and the United Kingdom assess that if the ransomware criminal business model continues to yield financial returns for ransomware actors, ransomware incidents will become more frequent. Every time a ransom is paid, it confirms the viability and financial attractiveness of the ransomware criminal business model.”  

Paying a ransom may also be unlawful in the US. September 2021 guidance from the US Treasury’s Office of Foreign Asset Control (OFAC) warns that companies face potential legal action when making and facilitating ransomware payments, cautioning that payments may violate sanctions against individuals and nations with ties to terrorism or other national security interests. The advisory also reminds people that facilitate ransom payments that they’re also potentially on the hook for legal trouble in the form of civil penalties. Several malicious threat actors have been labeled under OFAC’s cyber sanctions include organizations aligned with Russia, China and North Korea. 


faint images of US dollars in a pile shaded in rainbow prismatics

Find out exactly how security awareness training makes your company safer & saves money! WATCH NOW>>


What Are the Results of Paying? 


Paying extortionists is never a good idea because it never works and it isn’t an effective recovery strategy. 

You might get a decryption key, or that might cost extra. 

Just under 60% of organizations in a recent survey that had their data or systems encrypted by ransomware paid the cybercriminals for the decryption key. 54% regained access to data and systems after the first payment. But another third of ransomware victims ended up paying an additional ransom demand before they received the decryption key, while a further 10% also received additional ransom demands but refused the additional payment, walking away without their data.  

The bad guys will be back. 

Paying off the bad guys doesn’t make them go away forever. There’s no guarantee that they won’t copy your data anyway or leave a going away present of a backdoor into your systems that allows them to return at their leisure. They also tend to come back once they find a target that’s willing to shell out. CBS News reported that an estimated 80% of organizations that previously pay a ransom demand are exposed to a second attack. In a memorable story from the UK National Cyber Security Centre (NCSC) blog, an unnamed organization was hit by ransomware and opted to pay off the bad guys. They forked over more than $6 million and the bad guys actually turned over a decryptor.  Less than two weeks later, the same attacker returned and re-deployed their ransomware successfully a second time, leaving the company still in trouble and $6 million poorer.  

Insurance isn’t going to help you.  

Cyber insurance premiums are up by 56% in the US and 35% in the UK. Insurance industry experts point to ransomware as the cause of such steep increases. Ransomware cyber insurance claims worldwide clocked a 260% increase, leading to massive premium spikes. Even for businesses that have cyber insurance, there are some unexpected unpleasant surprises when the chips fall. Researchers discovered that in a survey where 79% of respondents had cyber insurance, it covered just 60% of their ransomware payment and other costs. If the company’s insurer even covered it. Major insurers like AXA have announced that they will no longer underwrite cyber insurance policies to reimburse companies for ransom payments after cyberattacks. Adding insult to injury, 88% of cyber insurance holders saw a significant increase in their premiums post-attack. 

You may never see your data again. 

Chances are that even if you pay the ransom, your data is gone forever. in a survey of 1,263 companies hit by ransomware, 46% of the companies that paid off the cybercriminals got their data back, but much of it was corrupted.  An estimated 66% of organizations that pay the ransom are able to recover their data at least in part. Another 34% of companies that pay the ransom never see their data again. Even if you opt to pay off the bad guys, there’s no guarantee that your data won’t be copied or damaged. In 4% of cases, organizations paid up but still couldn’t retrieve their data, either because of a faulty decryption key or because the cybercriminals simply took the money and disappeared. 


A strong security culture reduces your company’s chance of a data breach. This checklist helps you build it. GET IT>>


Paying Extortionists Doesn’t Pay Off 


Instead of paying extortionists over and over again, put strong security in place to prevent ransomware attacks from landing on your company.  

Security Awareness Training 

 CISA recently recommended that companies step up their security awareness training programs to combat the current flood of ransomware threats.  It’s the right move to make – 84% of businesses in a recent survey said that security awareness training has reduced their phishing failure rates, making their employees better at spotting and stopping phishing.   

BullPhish ID is the perfect solution to use to make that happen!  

  • A huge library of security and compliance training videos with 4 new lessons added a month! 
  • Choose from plug-and-play or customizable phishing training campaign kits 
  • Automation makes training painless for everyone1 

Watch Out for Dark Web Danger 

Cybercriminals can do a lot with a compromised credential, like steal data and deploy ransomware. Compromised credentials are easy to obtain on the dark web and they open so many doors. An estimated 60% of data breaches involved the improper use of credentials in 2021. 

Dark Web ID is the answer.

  • 24/7/365 monitoring using real-time, analyst validated data 
  • Monitoring of business and personal credentials, including domains, IP addresses and email addresses 
  • Gain priceless peace of mind about dark web dangers 

Are your credentials out there right now? CHECK YOUR PASSWORD >> 


Are you ready to slay the Monsters of Cybersecurity? This checklist tells you what you’ll need to succeed! GET CHECKLIST>>



let us help secure you against passwords reuse with contact information and the ID Agent logo on grey.

Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!

LEARN MORE>>


Is your password compromised? Find out in seconds!

USE OUR PASSWORD COMPROMISE CHECKER>>


Book your demo of Dark Web ID, BullPhish ID and Passly now!

SCHEDULE IT NOW>>