"Ransomware Victims Pay $700K in Extra Extortion Fees"

Researchers at CrowdStrike have discovered that a staggering 96% of ransomware victims who agree to their extorters' demands are subsequently forced to pay additional fees amounting to hundreds of thousands of dollars. The security vendor's 2021 CrowdStrike Global Security Attitude Survey was compiled from interviews with 2200 senior IT and cybersecurity decision-makers in the US, EMEA, and APAC. The researchers found that two-thirds (66%) of respondents had suffered at least one ransomware attack over the past year, with average payments increasing 63% over the year. Average payments were lowest in EMEA ($1.3m), followed by the US ($1.6m), and highest in APAC ($2.4m). The average demand from ransomware groups was $6m. One of the security researchers claimed organizations would be better off spending money on improving protective measures than actually paying the ransom. On average, respondents estimated it would take 146 hours to detect a cybersecurity incident, up from 117 hours in 2020. Once an incident is detected, it takes organizations a further 11 hours to triage, investigate, and understand it, and 16 hours to contain and remediate it. Some 69% of respondents said they suffered an incident because of staff working remotely.

 

Infosecurity reports: "Ransomware Victims Pay $700K in Extra Extortion Fees"

Submitted by Anonymous on