Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Statistics Say Don’t Pay the Ransom; but Cleanup and Recovery Remains Costly

Businesses have lost faith in the ability of traditional anti-virus products to detect and prevent ransomware. Fifty-three percent of U.S companies infected by ransomware in 2017 blamed legacy AV for failing to detect the ransomware. Ninety six percent of those are now confident that they can prevent future attacks, and 68% say this is because they have replaced legacy AV with next-gen endpoint protection.

Businesses have lost faith in the ability of traditional anti-virus products to detect and prevent ransomware. Fifty-three percent of U.S companies infected by ransomware in 2017 blamed legacy AV for failing to detect the ransomware. Ninety six percent of those are now confident that they can prevent future attacks, and 68% say this is because they have replaced legacy AV with next-gen endpoint protection.

Thes details come from a February 2018 survey undertaken by Vanson Bourne for SentinelOne, a next-gen provider, allowing SentinelOne to claim, “This distrust in legacy AV further confirms the required shift to next-gen endpoint protection in defending against today’s most prominent information security threats.” This is a fair statement, but care should be taken to not automatically confuse ‘legacy AV’ with all traditional suppliers — many can also now be called next-gen providers with their own flavors of AI-assisted malware detection.

SentinelOne’s Global Ransomware Report 2018 (PDF) questioned 500 security and risk professionals (200 in the U.S., and 100 in each of France, Germany and the UK) employed in a range of verticals and different company sizes.

The result provides evidence that paying a ransom is not necessarily a solution to ransomware. Forty-five percent of U.S. companies infected with ransomware paid at least one ransom, but only 26% had their files unlocked. Furthermore, 73% of those firms that paid the ransom were targeted at least once again. Noticeably, while defending against ransomware is a security function, responding to it is a business function: 44% of companies that paid up did so without the involvement or sanction of the IT/security teams.

The attackers appear to have concluded that U.S. firms are the more likely to pay a ransom, and more likely to pay a higher ransom. While the global average ransom is $49,060, the average paid by U.S. companies was $57,088. “If the cost of paying the ransomware is less than the lost productivity caused by downtime from the attack, they tend to pay,” SentinelOne’s director of product management, Migo Kedem, told SecurityWeek. “This is not good news, as it means the economics behind ransomware campaigns still make sense, so attacks will continue.”

This is in stark contrast to the UK, where the average payment is almost $20,000 lower at $38,500. It is tempting to wonder if this is because UK companies just don’t pay ransoms. In 2016, 17% of infected UK firms paid up; now it is just 3%. This may reflect the slightly different approaches in law enforcement advice. While LEAs always say it is best not to pay, the UK’s NCSC says flatly, ‘do not pay’, while the FBI admits that it is ultimately the decision of each company. 

Paying or not paying, is, however, only a small part of the cost equation; and the UK’s Office for National Statistics (ONS) provides useful figures. According the SentinelOne, these figures show that in a 12-month period, the average cost of a ransomware infection to a UK business was £329,976 ($466,727). With 40% of businesses with more than 1000 employees being infected, and 2,625 such organizations in the UK, the total cost of ransomware to UK business in 12 months was £346.4 million ($490.3 million).

Clearly, although the number of UK companies actually paying the ransom is low, the cost of cleanup and recovery remains very high; making prevention a more important consideration than whether to pay or not.

Advertisement. Scroll to continue reading.

“Attackers are continually refining ransomware attacks to bypass legacy AV and to trick unwitting employees into infecting their organization. Paying the ransom isn’t a solution either — attackers are treating paying companies like an ATM, repeating attacks once payment is made,” said Raj Rajamani, SentinelOne VP of products. “The organizations with the most confidence in stopping ransomware attacks have taken a proactive approach and replaced legacy AV systems with next-gen endpoint protection. By autonomously monitoring for attack behaviors in real-time, organizations can detect and automatically stop attacks before they take hold.”

In 2016, SentinelOne began to offer a ransomware guarantee that the company backed with a $1,000 per endpoint, or $1 million per company pay out in the event they experience a ransomware attack after installing the SentinelOne product.

“We offered that program for the last two years and I am glad to share we were never required to pay,” Kedem told SecurityWeek. “SentinelOne products successfully protected our customers against even the WannaCry campaign that hit the UK pretty hard.”

The company has since stopped offering the guarantee, simply telling SecurityWeek that “the ransomware warranty is no longer available.”

Mountain View, Calif-based SentinelOne raised $70 million in a Series C funding round announced in January 2017, bringing the total amount of funding to $109.5 million.

UpdateAfter completing this article, SentinelOne (U.S.) has contradicted SentinelOne (Europe). Europe told SecurityWeek, “In short, I’m afraid the ransomware warranty is no longer available.” Today, SentinelOne (U.S.) says, “This is not true, the guarantee is still available.”

Related: Inside the Competitive Testing Battlefield of Endpoint Security 

Related: SentinelOne Enables IOC Search and Threat Hunting for Endpoints

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.