In a recent article, Forbes concluded that “it doesn’t pay to pay“ a ransom because paying doesn’t guarantee you’ll get your data back. This conclusion comes from the strength of a survey commissioned across 30 countries, involving 5400 IT decision-makers in January and February this year.

The State of Ransomware 2021 survey reports that of all the medium-size organisations who paid a ransom, only 8% got their data back. In other words, a startling 92% didn’t get what they’d been promised after transferring the cash.

The survey also showed that 37% of respondents experienced a ransomware attack in the past year. Typically, the ransomware held users to ransom by encrypting their data or locking them out of their devices. The figure is down from 51% in 2020 and 54% in 2017 so that at least is encouraging.

What comes as a surprise is that MORE organisations decided to pay a ransom in 2021 than in 2020. The trigger for this response isn’t certain, but it points to the fact that best practices on how to respond to ransomware aren’t clear.

Anti-ransomware technology paying off

An encouraging finding is that the percentage of attacks where hackers succeeded in encrypting data is down 19% between 2020 and 2021. In the past year, this suggests companies have invested in their cyber security technology – no doubt as a result of teams having to work remotely, and of ransomware attacks being so common.

The State of Ransomware 2021 also reports that although more attacks targeted large organisations, presumably because they’re expected to have more money and are therefore a more lucrative target, one in three smaller organisations were hit.

Three things to do instead of paying a ransom:

1. Try and find out the name of the attack as there may already be a solution.
2. Report the attack to a cyber security expert, who may be able to decrypt the threat and regain access to your data.
3. Research latest ransomware removal tools, decryptors and solutions for backup and ransomware protection.

If you already have a comprehensive backup and cyber security solution you’re far less likely to have to do anything.

According to the survey, having trained IT staff who’re able to stop attacks is the most common reason some businesses feel safe from ransomware in the future.

No matter what you’ve got, the bottom line is that paying a ransom isn’t worth it – it only encourages attackers to continue. Instead, you can backup your data with an automated solution, and protect your system with a dedicated cyber security solution.