Paying The Ransom — An Open Invitation For A Second Attack, 2022 Report Warns

ATTACK Simulator
3 min readJun 16, 2022
Paying The Ransom - An Open Invitation For A Second Attack, 2022 Report Warns

Whether the unlucky victim of a ransomware attack ends up paying the ransom or not, they are still susceptible to more attacks.

However, a new report warns that paying up is the worst thing you can do and paints an even bigger bullseye on your back.

What is ransomware?

Ransomware is a particular form of malware from cryptovirology, capable of causing great financial damage to victims. Hackers use this extortion software to encrypt your data, denying you access to your files or to your entire computer and providing you the decrypting key only in exchange for a ransom ranging from a few hundred to thousands of dollars.

Usually, the payments to cybercriminals are made through anonymous and untraceable methods, such as Bitcoin.

Ransomware is constantly being written and modified by its developers to avoid being detected by typical antivirus programs based on its signature.

Paying the ransom will only get you in more trouble

More often than not, paying the ransom will not bring you the desired results. Sure, you might have solved the problem in the short term, but you’ve just let the bad guys know that you’re a great target and that they can profit even more from attacking you again.

A staggering 80% of ransomware victims that paid were hit a second time.

This concerning ransomware statistic comes from Cybereason’s latest ransomware survey of 1,456 cybersecurity experts. The gated report (registration required) wrote that victims that chose to pay up were not only attacked a second time, but some of the data encrypted by the threat actors were rendered unusable due to corruption issues occurring during the decryption process.

“The fact that ransomware gangs strike so quickly a second and third time isn’t surprising, because they will try to profit in any possible way,” says Bill Keeler, senior director of global public relations at Cybereason. “Why not hit the same company, demand a higher ransom, and get paid?”

Why you should never pay the ransom

Although the FBI and the CISA (Cybersecurity and Infrastructure Security Agency) urge victims not to give in to paying the ransom, it still happens very often.

Cybereason researchers discovered that when it does, there are a number of ways in which a ransomware transaction can go wrong. Here are the most commons ones:

- The ransomware operators don’t honor their part of the deal to decrypt and restore the compromised data and affected systems.
- The stolen data became corrupted due to decryption issues and it’s no longer usable.
- The threat actors target companies in a region where paying the ransom by a business is a criminal offense, therefore the victim ends up paying not only the ransom but also legal charges.
- Paying the ransom encourages cybercriminals to target the same victim again since it’s a sure win.

Pay up and then brace for more attacks

68% of the respondents reported being hit again by a ransomware attack within the same month as the first. Moreover, almost 50% were attacked for the second time in just a few days.

“When I drill down deeper into the data, it is nearly 50 percent that were hit the second time in 1–7 days,” Keeler wrote.

In addition, 48% of the companies that paid a ransom said they had been breached twice by the same threat actors. Worse, in the second blow, “threat actors demanded an even higher ransom amount the second time around,” the report wrote.

Of those repeatedly targeted ransomware victims, 44% did not learn their lesson and ended up paying the ransom again during a separate ransomware attack. Of those that paid twice, 9% paid at least three times in separate new incidents.


Threatpost Paying Ransomware Paints Bigger Bullseye on Target’s Back

Cybereason Ransomware: The True Cost to Business 2022


Feature Image: Photo by Afif Kusuma on Unsplash

Hand drawn illustration vector created by freepik —

Hand drawn illustration vector created by pikisuperstar —



ATTACK Simulator

We’re a fresh startup that aims at creating a culture of security in every company by teaching security awareness through automated phishing simulations.