Build IT resilience to avoid paying ransomware demands | #ransomware | #cybercrime


When it comes to ransomware, it might seem like giving in and paying the ransom is the quickest fix. Luckily for today’s businesses, there is a better alternative to forking over money to cybercriminals who might not even give the data back.

Ransomware is among the most common types of cyberattacks that can strike organizations of all sizes across nearly every industry. A ransomware attack could come via any number of different attack vectors, including phishing, social engineering, or exploiting known or zero-day vulnerabilities.

In a ransomware attack, the perpetrator uses malware to encrypt a user’s or organization’s data. The attacker then holds that data for ransom, demanding that the victim pay a fee to receive the decryption key.

All ransomware victims are faced with the same question: To pay or not to pay? Instead of considering payment, a better approach is to build up the organization’s resilience early to avoid the need to pay a future ransomware demand. A strong business continuity and disaster recovery (BCDR) strategy builds the resilience that organizations need to avoid and mitigate ransomware attacks.

This article will discuss ransomware trends and the costs associated with bolstering resilience as an alternative to payment. It will also outline the pros of a strong resilience plan vs. the cons of paying the ransom.

Recent ransomware trends

In recent years, ransomware has evolved to become a particularly impactful type of cyberattack. Available ransomware statistics show a few key trends:

  • Supply chain attacks. Attackers target single points to affect multiple organizations.
  • Triple extortion. Beyond encryption, attackers now exfiltrate data and threaten public release for additional leverage.
  • Ransomware as a service. Prebuilt malware infrastructure enables less technical criminals to launch sophisticated attacks.
  • AI-enhanced phishing. Generative AI is making phishing emails more convincing and harder to detect.

Overall, the financial effects of ransomware are a growing concern. Average ransom payments surged by 500% from $400,000 in 2023 to $2 million in 2024. U.S. ransomware attacks increased by 149% in early 2025, with 59% of organizations affected in 2024. Total ransom payments in 2024 reached $813.55 million globally.

Has a reluctance to invest in DR changed to a reluctance to pay attackers?

There has long been a challenge faced by IT teams to secure management buy-in for disaster recovery investment. Limited financial support is a frequent problem for IT professionals in this area, since business continuity and disaster recovery planning doesn’t necessarily have an immediate return on investment. In addition, BCDR preparation can be an expensive process.

With the increasing costs associated with ransomware, however, there is a somewhat growing shift in perception and attitudes. BCDR planning can, in many cases, help mitigate or lower the risk of a ransomware incident by building up organizational and IT resilience. Doing a cost-benefit analysis could potentially show that increased BCDR investment is less costly than ransomware payments.

Organizations are discovering that the cost equation strongly favors proactive investment over reactive payments. Despite advice to not pay the ransom, 51% of organizations that suffered a ransomware attack paid the fee, according to Ponemon Institute’s 2025 “Global Cost of Ransomware Study” report. But even more telling is the recovery reality: Only 13% of those organizations that paid the ransom recovered all their data.

The shift in thinking reflects growing awareness that ransom payments represent a poor business decision. According to Chainalysis’ “2024 Crypto Crime Report,” ransomware victims are increasingly demonstrating greater resistance to paying ransoms, widening the gap between demands and payments. This resistance is driven by mounting evidence that paying ransoms doesn’t guarantee successful recovery — and often invites repeat attacks.

Cost breakdown: Ransomware recovery vs. BCDR planning

Financial analysis reveals compelling evidence for prioritizing resilience over payments.

The simple reality is that in any ransomware incident, even if the ransom is paid — and even if the attackers return the data — paying the ransom is only one part of the recovery cost. An analysis conducted by security vendor Check Point reported that the total cost of a ransomware incident could be as much as seven times more than the actual dollar amount of the ransom.

In addition to potentially paying a ransom, other costs that can be incurred because of a ransomware attack include the following:

  • Operational downtime.
  • Lost productivity.
  • Investigation costs.
  • Legal costs.
  • Incident recovery.

The true cost of a ransomware attack extends far beyond the ransom itself, which emphasizes the importance of resilience planning and investment. The cost of a ransomware incident is not typically something an organization will have as part of budget planning, and the effects of those costs can be significant. In contrast, BCDR can be a fixed and properly costed line item, coming in at approximately 1% to 3% of an IT department’s budget.

Aspect Ransomware recovery DR planning
Average cost
  • Not budgeted.
  • Average ransomware payment is $2 million.
  • Additional costs due to incident recovery and operational disruption.
1%-3% of IT budget.
Downtime effects Could potentially mean a loss of millions per hour for critical industries. Minimized through preparedness.
Long-term costs High; especially with multiple attacks. Lower; prevents future incidents.
Guarantee of recovery? No, only 8%-14% recover all data after paying. High likelihood, with tested backups and plans.

Consequences of paying attackers

Paying the ransom demanded by a cyberattacker might seem like the right answer for an organization that just wants to pay and get its data back. But that’s not necessarily the right choice, since paying ransomware demands carries significant risks that extend beyond immediate financial costs.

No recovery guarantee

Even if a ransom is paid, there’s no assurance that attackers will restore encrypted data or delete stolen information.

Repeated targeting

Demonstrating a willingness to pay often makes an organization a repeat ransomware target.

Fueling criminal activity

Every ransom payment funds cybercriminal operations, enabling attackers to develop more sophisticated malware and continue targeting other victims.

Legal and regulatory risks

Some jurisdictions and industries don’t allow ransomware payments to be made, and paying can lead to regulatory penalties.

Benefits of investing in resilience over making payments

Building organizational resilience offers numerous advantages over making reactive ransom payments. And unlike paying a ransom, there are no real downsides to strengthening resilience efforts.

Predictable costs

Resilience planning involves known, budgeted expenses rather than unpredictable ransom demands.

Broader protection

A complete resilience strategy protects against multiple types of IT risks, not just ransomware.

Faster recovery

Organizations with proper backup and recovery systems can typically restore operations more quickly.

Regulatory compliance

Many industries require that specific BCDR measures are in place to meet compliance needs.

Employee confidence

Investing in resilience prepares organizations with well-defined and tested incident response procedures, reducing confusion when incidents occur.

Sean Michael Kerner is an IT consultant, technology enthusiast and tinkerer. He has pulled Token Ring, configured NetWare and been known to compile his own Linux kernel. He consults with industry and media organizations on technology issues.



Source link

.........................

National Cyber Security

FREE
VIEW