Paying off hackers after a ransomware infection could end up being a total loss, according to a study released Thursday, which found that some attackers just take the money and run.
A survey by researchers at the security firm Proofpoint found that 33 percent of organizations infected with ransomware opted to pay the ransom.
But some 22 percent of those who paid a ransom said they never regained access to the data locked up by the malware, and nine percent said they got hit with additional ransom demands after paying.
“Of those who paid the ransom, many soon learned an old lesson: there is no honor among thieves,” said the report from the California-based firm.
The researchers surveyed some 600 security professionals in seven countries and found that 65 percent of the organizations represented got hit by some kind of ransomware, which encrypts data on a system to make it inaccessible.
The latest report highlights growing concerns about ransomware infections, which have affected many organizations with aging computer networks.
“Healthcare organizations and state and local government entities were hit particularly hard in 2019,” the report said.
“Ransomware has the power to immobilize critical infrastructure and disrupt necessary (and even life-saving) services. An organization in this situation may conclude that paying the ransom is the most expedient — and cheapest — way to get up and running again.”
A separate report by the security firm Emsisoft found that at least 966 organizations in the US were hit by ransomware in 2019, at a potential cost in excess of $7.5 billion.