Over half of organisations would pay the ransom if they fell victim to a ransomware attack – despite repeated warnings that they shouldn’t encourage cyber criminal extortion.

Research by the Neustar International Security Council (NISC) found that six in ten organisations would pay cyber criminals for the decryption key in the event of a ransomware attack, according to its survey of 300 workers in ‘senior positions’.

That’s despite the likes of The White House, the UK Home Office, law enforcement and cybersecurity experts warning that paying the ransom should be avoided because it signals to ransomware operations that their extortion schemes work.

High-profile victims of ransomware attacks that have paid ransoms recently include Colonial Pipeline, which paid over $4 million in Bitcoin to cyber criminals using DarkSide ransomware, while meat processor JBS paid $11 million in Bitcoin to criminals who compromised its network with REvil ransomware.

These incidents have seemingly forced businesses to take notice, with 80 percent of cybersecurity professionals surveyed for the research stating that more emphasis is being placed on protecting against the threat of ransomware.

However, a quarter of respondents fear that their current security procedures might not offer full protection against ransomware threats, describing them as ‘somewhat’ or ‘very’ insufficient.

When it comes to ransomware, the best thing an organisation can do is prevent it becoming a problem in the first place. Cybersecurity procedures like applying multi-factor authentication across the network, applying security patches in a timely manner to protect against known vulnerabilities, and regularly updating back-ups and storing them offline can help organisations avoid being disrupted by a ransomware attack.

Applying these sorts of protections makes it much less likely that organisations will feel the need to give in to the extortion demands of cyber criminals.

“Companies must unite in not paying ransoms. Attackers will continue to increase their demands for ever larger ransom amounts especially if they see that companies are willing to pay. This spiral upwards must be stopped,” said Rodney Joffe, NISC chairman and fellow at Neustar.