Negotiating with ransomware gangs works, survey finds

Illustration: Aïda Amer/Axios
Approximately half of the companies that paid a ransom to hackers last year ended up paying less than the criminals originally asked for, according to new Sophos data.
Why it matters: That's good news for companies worried about devastating losses from data-encrypting ransomware attacks.
The big picture: Even if hackers are getting paid less, they're still getting paid.
- Half of the 3,400 IT and cybersecurity leaders surveyed — all of whom faced ransomware attacks in the last year — said their companies paid hackers a ransom.
Yes, but: Law enforcement and security experts warn that paying hackers could further embolden them.
- Paying is also no guarantee that the hackers will follow through on their promises to decrypt systems or delete stolen data.
By the numbers: 53% of ransomware victims said their companies ultimately ended up paying less than the initial asking price.
- The median ransom demand dropped by one-third to about $1.3 million last year, down from $2 million the previous year.
- Meanwhile, the median ransom payment was cut in half in the last year, according to the data. Companies paid a median of $1 million, down from $2 million.
- Organizations bringing in more than $5 billion in annual revenue faced steeper price tags: Their average ransom demand was about $5.5 million.
Between the lines: Of the companies that paid less, 47% said they did so by actively negotiating with the hackers.
- Another 45% said the attackers lowered their demands in response to external pressures, such as law enforcement actions and bad press.
The intrigue: The percentage of companies that recovered from a ransomware attack after just one week grew to 53%, up from 35% in the previous year's data.
