For its Global Security Attitude Survey, 2021, security vendor CrowdStrike compiled interviews with 2,200 cybersecurity executives and top IT decision-makers in the United States, EMEA (Europe, Middle East and Africa), and APAC (Asia-Pacific). More than two-thirds (66%) of those surveyed had experienced a ransomware attack in the previous year, with a 63% increase in average payments over the year.
The average payment was lowest in EMEA ($1.3m), followed by the US ($1.6m), and highest in APAC ($2.4m). The demand from the ransomware groups was $6m. CrowdStrike claimed that the gulf between this amount and what victims end up paying is largely due to organizations getting better at negotiating and at understanding their risk exposure.
Moreover, ransomware extorters and threat actors plan to recoup funds in other ways, such as extorting the same victims more than once for the same assault. According to reports, these extra payments cost victims an average of $792,493.
Infosecurity reported that Zeki Turedi, CrowdStrike’s EMEA CTO, stated that one of the biggest mistakes made by those who fall victim to a ransomware attack is believing that paying the ransom will make all problems disappear. It also puts them at risk of being caught in another ransomware attack in the future, since they will require time to fully recover from such a devastating occurrence, which will feed any cybercriminal system. The respondents estimated that it would take over 146 hours to detect a cybersecurity incident.
Once such an incident is detected, it takes 11 hours to triage and investigate it and more than 16 hours to contain and remediate it. Some stated that such incidents happened only because staff were working remotely.
By – Sharanya
(Content Writer, WCSF)