Many firms say they wouldn't pay ransomware if they had to disclose it publicly


A majority of IT security pros say they would think twice about paying a ransom demand following a cyber-attack if they had to do so publicly, a new report has found.

Surveying 1,500 IT security decision-makers, Venafi found more than a third (37%) would pay following a ransomware attack. However, more than half (57%) would change their mind if they had to publicly report the payment.

There are numerous reasons why the industry feels this way, Venafi notes, but almost a quarter (22%) said paying the ransom is “morally wrong”. In fact, two-thirds (60%) believe this type of threat should be likened to terrorism.

False sense of security

“The fact that most IT security professionals consider terrorism and ransomware to be comparable threats tells you everything you need to know—these attacks are indiscriminate, debilitating and embarrassing,” said Kevin Bocek, vice president ecosystem and threat intelligence at Venafi. 

“Unfortunately, our research shows that while most organizations are extremely concerned about ransomware, they also have a false sense of security about their ability to prevent these devastating attacks. Too many organizations say they rely on traditional security controls like VPNs and vulnerability scanning instead of modern security controls, like code signing, that are built into security and development processes.”

More than three-quarters (77%) of the respondents are confident the tools they have can keep them safe from ransomware. At the same time, two-thirds (67%) of IT decision-makers (ITDMs) from companies with 500+ employees suffered a ransomware attack in the past 12 months, rising to 80% for those with 3,000+ employees.

Finally, the study claims most firms don’t use security controls capable of breaking the ransomware kill chain early in the attack cycle. Even though email phishing is by far the biggest malware distribution channel, just 21% restrict the execution of all macros within Microsoft Office documents. 

Less than a fifth (18%) restrict the use of PowerShell using group policy, while just 28% require all software to be digitally signed by their organization before use.

The study comes as the US Senate attempts to finalize its Ransomware Disclosure Act, a bill that would require companies to report paying any ransom within 48 hours. 


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
