# The Dangers of Paying Ransomware Demands: A Closer Look at Repeat Attacks
In November 2019, the FBI and US-CERT jointly advised against paying ransom to hackers, citing concerns that such payments could embolden cybercriminals and worsen the prevalence of cybercrime. Instead, they recommended that victims seek guidance from law enforcement or cybersecurity experts.
## Alarming Trends Revealed in Cybereason’s Report
Cybereason’s latest ransomware report, titled ‘The Cost to Business Study 2024,’ uncovered concerning trends related to organizations that opt to pay ransom. According to the report, 78% of organizations that paid ransom found themselves targeted by a second file-encrypting malware attack, often by the same threat group responsible for the initial breach.
## Escalating Demands and Repeat Attacks
In subsequent attacks, the demand from threat actors tends to increase, with victims facing a minimum 20% hike in ransom fees compared to their previous payment. Shockingly, over 56% of organizations experienced repeat attacks within the past 24 months. This cycle of ransom payments and subsequent attacks creates a vicious circle for the victims.
## Does Cyber Insurance Cover Repeat Ransomware Attacks?
The question of whether cyber insurance covers repeat ransomware attacks largely depends on the specific policy provisions and premium agreements. While most policies include coverage for a single ransomware attack recovery, subsequent incidents may not be covered. It is crucial for CTOs and CIOs to carefully review the terms of their cyber insurance policies to understand the extent of coverage provided.
## Key Points:
– Paying ransom to hackers can lead to repeat attacks and escalating demands.
– Organizations need to carefully review their cyber insurance policies to determine coverage for ransomware attacks.
– Seeking guidance from law enforcement and cybersecurity experts is recommended instead of paying ransom.
In conclusion, the risks associated with paying ransom to cybercriminals are significant, as evidenced by the findings in Cybereason’s report. Organizations must take proactive steps to strengthen their cybersecurity defenses and carefully assess their cyber insurance coverage to mitigate the risks of repeat ransomware attacks.