New research conducted by Dutch specialist Toma Meresa from the University of Twente has revealed the factors influencing the likelihood that victims of ransomware attacks will pay the ransom to attackers.
The study analyzed data from the Netherlands police on 382 incidents and information from companies responding to incidents in about 100 cases between 2019 and 2022. The majority of attacks targeted Dutch companies.
Out of the 430 victims during this period, 28% decided to make concessions and pay the hackers. The average ransom amount paid was just over 431,000 euros.
Companies that sought help from third-party specialists were much more likely to agree to pay the ransom, with over 50% of cases compared to 21% among those who only contacted the police.
Organizations with insurance coverage for extortionist attacks paid significantly higher ransom amounts, averaging about 708,000 euros, compared to 133,000 euros for uninsured firms. However, the presence of insurance did not affect the proportion of companies willing to agree to the attackers’ conditions.
While companies with data backups were less likely to pay the ransom, the amounts they spent were higher, possibly due to the valuable nature of the information they possessed.
The decision to pay and the size of the ransom were particularly influenced by cases involving data theft by attackers. In these situations, the percentage of payers increased to 40%, and the average ransom size was over 13 times higher at approximately 1.2 million euros.
IT companies proved to be the most attractive targets, paying an average of over 268,000 euros due to the critical importance of their services to many customers.
The study has identified several factors that influence the behavior of victims in ransomware attacks. The findings will assist both companies and law enforcement agencies in combating the growing threat of extortion attacks.