Successful Ransomware Infections Surge to Record in 2020 as Victims Grow More Willing to Pay, Research Shows

As more and more ransomware victims recover their data by paying up, the extortion payments made to ruthless cybercrooks are motivating the ransomware industry, new research suggests.

A study by market research firm CyberEdge Group reveals that only 49 percent of ransom payers recovered their data in 2018. In 2019, however, that number rose to 61 percent. Today, 67 percent of ransom payers have reported recovering their data, according to the report.

The news is bad for the market. With an increasing number of victims willing to pay to recover their precious data and restore operations, cybercriminals are becoming incentivized to strike more often, and more efficiently. In 2018, 39 percent of ransomware victims paid the ransom. In 2019, that number rose to 45 percent. Today, as many as 58 percent of ransomware victims, from every industry, have paid ransom.

Following media reports that less than half of ransom payers recovered their data, cybercriminals slowly but surely started to realize that withholding the keys to the encrypted data – even after receiving ransom payments –was bad for business.

“Since then, data recovery rates for ransom payers have gone up,” CyberEdge researchers said. “Unfortunately, the increased likelihood for data recovery is motivating more organizations to pay ransoms, which in turn is stimulating growth of the ransomware industry.”

Again, the numbers seem to support these findings. In 2019, 56 percent of organizations were compromised by ransomware. In the three months since 2020 began, that number is already 62 percent, which the research firm calls “a new record.”

To combat ransomware and other cyber threats, the researchers advise organizations to invest wisely in solutions that “continuously discover and patch vulnerabilities [and uncover advanced threats using machine learning and artificial intelligence.”

“I also recommend organizations invest more in their people, including training and certification for IT security personnel and ongoing security awareness training for all employees. Never underestimate the value of the human firewall,” said Steve Piper, founder and CEO of CyberEdge Group.