A report by ThreatTrack found that at least 30 percent of companies would agree to pay ransom or would negotiate in case their data is held hostage by cybercriminals. The report focuses on data held captive by so-called ransomware but also on attackers that threaten to publicly release sensitive data. Interestingly, firms that have been extorted before by cybercriminals are more likely to pay, the number jumps to 55 percent when looking exclusively at companies that have been hit by similar incidents in the past.
It's unknown how many companies actually suffer an extortion scheme, with many companies likely not reporting issues to the public or to law enforcement, said Stuart Itkin, SVP of ThreatTrack. Cyber extortionists are becoming better skilled, so trying to figure out how to negotiate with them is a struggle.
Most ransomware infections tend to occur when an employee opens a malicious file using a phishing or spear-fishing tactic. However, the release of personal data of employees and customers leads to possible extortion, so companies are anxious to resolve problems quickly and quietly.