Companies Prepared To Pay Up £690,000 Ransom To Avoid Cyberattack

Hackers blackmailing businesses are likely to find some companies willing to pay an extraordinary amount of ransom to prevent cyberattacks, according to a new report from the cloud security research body, The Cloud Security Alliance (CSA).

The discovery came from a more a wide-ranging survey conducted alongside Skyhigh Networks, which examined cloud security trends such as ransomware, the security skills gap and role of the CISO.

Willing Victims?

Among the key findings are that 24.6 percent of companies would be willing to pay a ransom to hackers to prevent a cyberattack and 14 percent would pay more than $1m (£691,000) to prevent a cyberattack.

The survey also found that the top barrier to stopping data loss in the cloud is a lack of skilled security professionals, yet despite this, cloud confidence is rising. Indeed, 64.9 percent of IT leaders think the cloud is as secure or more secure that on premises software.

“It’s shocking that so many companies are willing to pay even a penny’s ransom, and would trust hackers not to follow through with an attack,” said Nigel Hawthorn, Skyhigh Networks’ Chief European spokesperson.

“The idea that some would pay more than $1m is downright staggering,” said Hawthorn. “There are no guarantees at any price, and there is no way back once the payment is made.”

“Examples of companies refusing to pay up, such as Meetup.com, are few and far between,” he added. “As such, hackers are increasingly confident they can hold businesses over a barrel, that they can execute crippling cyberattacks and that most businesses would rather pay up than put up. There will be several high profile examples of ransomware in 2016, and countless unreported incidents on top of that.”

The report also reveals that by the end of 2015, the average European business now uses more than 1,000 cloud applications. Some companies use as many as 6,000.

Ransom Plague

The finding that many companies would be willing to pay a ransom is depressing news for many, including law enforcement officials.

Only this week police arrested at least one member of the notorious hacker gang DD4BC, which has been waging a two year extortion campaign against banks and businesses. DD4BC focused on attacking banks, media groups, retailers and gaming firms.

It would approach a victim and demand a ransom. Failure to pay a 50 bitcoin (£8,000) ransom often resulted in the victim’s server being bombarded in a DDoS attack.

Extortion and blackmail is unfortunately a growing problem for the online world. Last year Swiss bank Banque Cantonale de Geneve confirmed that hackers had publicly divulged confidential customer information after it refused to pay a ransom.

In June 2014, popular news aggregator service Feedly fought off a DDoS attack, hours after it refused to pay the blackmailer to stop the barrage.

Are you a security pro? Try our quiz!