A law firm reports that a growing number of businesses are choosing to pay cybercriminals following ransomware attacks.
A 2024 survey conducted by international IT company Cloudflare revealed that out of 150 organisations, 44% of those targeted in the past two years ended up paying the ransom.
Jania Baigent, head of cybersecurity and data disputes at law firm Simpson Grierson, stated that there is a change in organisations’ attitudes toward paying ransoms in recent years.
“At Simpson Grierson there has been a complete change in the way people talk about it,” she told RNZ.
“Three or four years ago, many business owners wouldn’t admit to even considering paying a ransom. This would be in accordance with government advice: ‘Don’t pay; we don’t like paying criminal organisations, and it makes New Zealand a more attractive target to criminal organisations if you pay.'”
Baigent mentioned that Simpson Grierson has been receiving a growing number of requests from businesses seeking advice on handling ransomware attacks.
She said discussions are being engaged in by the clients about whether, in certain circumstances, making these payments might be in their organisation’s best interests.
The decision is entirely dependent on the situation the organisation is in and the assessment of the risk factors involved.
“Something to think about is who is making the threat, and experts are usually called in to assist at this stage to check the legitimacy of the threat actor and try as much as they can to make an assessment as to whether, if you make a payment, it will be effective.”
Businesses of every size are at risk of ransomware attacks. Stolen information might be sold on the dark web and cause major damage to the customers, employees, and the entire company.