Cyber money heist: Why companies paying off hackers fuels the ransomware industry

80 PER CENT OF VICTIMS PAY RANSOM

Analysts told CNA that it is common for companies to pay up in a bid to protect their data, with Forbes reporting that about 80 per cent of 1,200 victims surveyed decided to do so.

More than 72 per cent of businesses were affected by ransomware attacks as of 2023, Mr Backer told CNA, noting that it was an increase from the previous five years and was by far the highest figure reported.

Predictions also indicate ransomware will cost victims roughly $265 billion annually by 2031, he added.

“In the heat of the moment and with pressures mounting, the decision to pay a ransom is definitely not an easy one,” said Mr Flores.

“Many choose to opt for this route for a few reasons, with the most common one being faster recovery time. With business operations and continuity at stake, paying the ransom and obtaining the decryption tool in return is sometimes the quicker option to resume activity.”

According to media reports in 2019, ride-hailing platform Uber allegedly paid a US$100,000 ransom and had the hackers sign non-disclosure agreements in exchange for the payment.

This shows that organisations are worried, noted Mr Backer.

Regarding banks like ICBC paying ransoms, he said such information is not usually disclosed to the public due to the sensitive nature of the incidents.

“Many organisations, including banks, may not disclose this due to concerns about reputation, legal implications, and the encouragement of further attacks.”

However, Dr Kerrison noted that the intention behind companies paying ransoms “might not always be to keep it a secret”. 

“Rather, it’s the best option available to them in the circumstances,” he said.

Mr Backer added that claims by attackers should be “treated with caution” as they might not always accurately reflect the reality of the situation.

Analysts also told CNA that the rise of the ransomware-as-a-service (RaaS) model is one of the driving factors in the increase in ransom payments.

“RaaS made it possible for low-skilled cybercriminals to join the illicit industry, ultimately contributing to the surge in the number of victims,” said He Feixiang, an adversary intelligence research lead at Group-IB.

The RaaS business model allows individuals to develop and distribute ransomware, paying the affiliates for successful attacks using their ransomware, he noted.

In addition, analysts said collaborations among ransomware groups, encryption-less attacks and cryptocurrency services also allow more hackers to target companies and facilitate their movements, driving up the number of ransom cases.