Ransomware payments made in half of global attacks

TOKYO – As ransomware attacks become more prevalent, more than half of targeted organizations in seven major markets have made payments, according to a recent survey.

About 2,400 of the 3,600 companies and organizations surveyed by US cybersecurity specialist Proofpoint faced a ransomware attack in 2020, with 52% paying the attacker in hopes of restoring access to the data. US entities paid 87% of the time, followed by 59% and 54% by UK and German companies. A third of Japanese targets have made payments.

In high-profile attacks in May on Colonial Pipeline, a major pipeline operator on the east coast of the United States, and Brazilian meat supplier JBS, the two companies admitted to making ransomware payments. The increasing severity of such attacks, affecting the ability of targets to operate, is a factor in the decision.

No Japanese company has disclosed a ransomware payment to date.

“A payment that materially affects the business would trigger a disclosure obligation,” explains Nobuhiko Kato, partner at Ernst & Young ShinNihon. “But smaller amounts can be treated as non-operational expenses, so they wouldn’t be noticed from the outside.”

Kenji Uesugi, chief researcher at the Japan Cybersecurity Innovation Committee, points out that “many payments can be made by small and medium-sized unlisted companies.”

The size of ransomware payments continues to increase. Payments averaged more than $ 312,000 globally in 2020, about triple the previous year, according to US cybersecurity firm Palo Alto Networks.

Companies targeted by ransomware attacks face sensitive decisions, such as consulting specialists.

“If a company pays without assessing the extent of the damage or the ability to recover without payment, management may be found to be in breach of their duty of care,” said Hiroaki Yamaoka, a cybersecurity legal expert.

Free payments encourage more ransomware threats, fostering conditions for cyberterrorism. Businesses are faced with the task of maintaining the latest cyber defenses while taking measures such as timely reporting to authorities and sharing information with industry trade groups.

Previous Drought Could Affect North American Meat Production for Years
Next Comments on Tax Laws (Third Amendment) Ordinance, 2021 - Business & Finance