Ransom payers marked as ‘profitable targets’

CrowdStrike says paying a cyberattack ransom does not guarantee crooks will not leak data or strike again – casting doubt on complying with such criminal demands.  

A survey of 1100 IT executives, including 100 in Australia, found 83% of ransom-paying victims had experienced another attack from the same or different hackers. 

And 93% found data was taken despite payment, while 45% could not recover all their data even after paying.

“Ransom payments provide neither security nor complete data recovery. The economics favour attackers that can collect payment while retaining stolen data for future exploitation, additional extortion attempts, or sale to other criminal groups,” cybersecurity platform CrowdStrike said. 

“Payment marks organisations as profitable targets rather than providing security.”

The average downtime cost for financial services victims was $US1.3 million ($1.98 million) per incident, and reputational damage affected more than one-third of all industry victims, the survey shows.

Legal and regulatory penalties affected almost one-quarter, as did publicly released or stolen data, creating competitive and compliance risks. 

“These costs compound over time. Reputational damage can affect customer acquisition and retention for years. Stolen data creates ongoing blackmail opportunities for attackers and competitive intelligence for adversaries. Regulatory penalties may trigger increased oversight and compliance costs that persist,” CrowdStrike said.

It says faster and more automated attack chains are reducing the time available for incident response and increasing pressure for rapid payment decisions, while multi-extortion tactics add complexity as attackers combine data encryption, data theft and supply chain threats into co-ordinated campaigns.

“Organisations face multiple simultaneous demands rather than simple encryption recovery, making payment negotiations more complex and outcomes less predictable,” the survey report says. “These are calculated business operators, with targeted organisations as entries in a revenue pipeline.”

Australian and New Zealand businesses overestimate their ability to recover from ransomware attacks, the survey shows. Only 9% were able to recover in less than a day, despite 86% being confident they could.

In financial services, 38% could recover within 24 hours.