Companies that work with a third-party incident response firm are the most willing to pay their extortionists, he found.
Having insurance coverage, or data exfiltrated in the attack, correlated with paying a higher ransom but not necessarily to paying a ransom in the first place.
The study led by Tom Meurs, a cybercrime researcher at the University of Twente, examined 382 ransomware attacks reported to Dutch police, as well as information provided by an incident responder on nearly 100 attacks.
The vast majority of the cases involved companies within the Netherlands, which has the world's 18th-largest economy.
Among 430 victims from 2019-2022, 28% reported paying a ransom, with the average amount just over €431,000 and the median €35,000.
Companies with insurance paid on average significantly higher ransoms, of €708,105 compared to $133,016.
Perhaps not surprisingly, in situations where ransomware actors exfiltrate data, companies are much more likely to pay ransoms - doing so in 40% of cases, compared to one-quarter of cases not involving exfiltration.
The average payment in those cases is more than 13 times higher, at approximately €1.2 million.
Companies who hired incident response firms were significantly more likely to pay a ransom, at just over half, compared with just 21% of companies who only reported incidents to the police.
Correction: A previous version of this article incorrectly said that data exfiltration increased the likelihood of a company paying a ransom.
It increases the amount of payment but does not correlate with a higher likelihood of payment.
'Significant security loophole' found in Google software container system.
Cybercriminals stole $1.7 billion from crypto funds in 2023 as attacks proliferated.
James Reddick has worked as a journalist around the world, including in Lebanon and in Cambodia, where he was Deputy Managing Editor of The Phnom Penh Post.
He is also a radio and podcast producer for outlets like Snap Judgment.
This Cyber News was published on therecord.media. Publication date: Thu, 25 Jan 2024 01:29:04 +0000