Stumping up the cost of a ransomware demand might not be the cheapest way to get back your stolen data, new research has claimed.
According to a new Sophos whitepaper, the average cost of remediating a ransomware attack is approximately twice as much for businesses who pay a ransom to their attackers.
The security firm asked nearly 2,000 organizations whose data had been encrypted by a ransomware attack if they paid their attackers and what the total cost of addressing the incident had been. On average, respondents who paid up lost $1,450,000. Meanwhile, surveyed businesses that used other means of data recovery took a $730,000 hit.
The authors of the research accept that this finding is a little counter-intuitive, as paying a ransom should, theoretically, mean expensive downtime is avoided. However, the truth is that data restoration costs are likely to be the same whether you’re working from backups or files which hackers have released.
One explanation for the findings is that attackers don’t build ransom software which automatically restores every file once a single code has been entered. Consequently, data recovery costs still stack up after a ransom has been paid. Several decryption keys may be required and returning recovered file systems to their original states is often expensive and difficult.