According to a study released by ThreatTrack, if your company has been held for ransom by a hacker before, you’re more likely to pay up again. Once the middle school bully knows you’ll cough up your lunch money, he’ll just keep coming back.
The study found that 30% of respondents said that “they would negotiate with cybercriminals for the safe recovery of stolen or encrypted data; but that number jumped to 55 percent when asked of organizations that had been victims of cyber-extortionists before.”
Recently a school district in New Jersey was held for ransom, with the hackers demanding 500 Bitcoins, or roughly $123,000. Rather than paying the ransom, the school district initiated an investigation and salvaged what it could from backups.
Some respondents argued that organizations should start preparing to be held hostage now: “twenty-three percent of all survey respondents, and 43 percent of those who’d already been cyber-extortion victims, said organizations should set money aside for the purpose of paying ransoms.” The study found that health care and financial services are the two industries most against paying cyber ransom, while the retail and telecom industries seemed to be more worried about how customers would react to hearing about a breach.