DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

University of Twente Maps Decision-Making Process for Ransomware Victims

Posted on January 24, 2024 by Dissent

The UT investigated the decision-making process of victims who had to pay ransoms during ransomware attacks. UT researcher Tom Meurs and his colleagues analyzed 481 ransomware attacks, data from the Dutch police and a Dutch incident response party. Organizations with recoverable backups in particular were often better able to avoid paying ransoms. Data exfiltration led to a higher ransom paid. This was also the case for organizations that are insured against ransomware attacks.

The researchers used a two-step model: First, victims decide whether to pay the ransom or not. And second, if victims decide to pay, they determine the ransom amount to be paid. “Because we estimate the two steps simultaneously, the results are more reliable than previous scientific studies of ransom payments.”

Important Insights

Based on 481 ransomware attacks from the Dutch police and a Dutch incident response party, we arrive at a number of key insights: Insurance led to a 2.8x higher ransom amount paid, without affecting the frequency of payments. Data exfiltration led to a 5.5 times higher ransom amount paid, without affecting the frequency of payments. Organizations with recoverable backups were 27.4 times less likely to pay the ransom compared to victims without recoverable backups.

“The insights highlight the importance for policymakers to focus on areas such as data exfiltration, the role of insurance and promoting recoverable backups. Implementing recoverable backups is an effective technology strategy to prevent criminals from deleting backups while they are in your systems.”

NOTE: From the full article, this other finding on backups may seem counterintuitive at first:

“Regarding backups, it seems that having recoverable backups leads to a lower probability of payment, observed in only 11% of cases. However, the average ransom paid per attack and the total ransom paid are higher compared to scenarios with other backup conditions. It is noteworthy that victims who lack backups generally pay lower ransoms than those who have backups that cannot be restored, with both the average ransom per attack and the cumulative amounts being lower. One plausible explanation could be that businesses holding data considered valuable enough for ransom payments are generally more likely to employ backup systems, compared to those with less valuable data. The Kruskal Wallis test with null hypothesis that all backups measures lead to same r ransom paid, results in KW=49.65, df=3, p-value<0.001. This indicates that having backups leads to more ransom paid.”


During Ecrime 2023 in Barcelona, ​​Tom Meurs’ paper received the prize for the best article .

The co-authors of the study are: Edward Cartwright (De Montfort University, UK), Anna Cartwright (Oxford Brookes University, UK), Marianne Junger (UT, BMS-IEBIS), Raphael Hoheisel (UT, BMS-IEBIS), Erik Tews (UT, EEMCS-SCS), Abhishta Abhishta (UT, BMS-IEBIS).

Source: University of Twente

via Politie.nl

Related posts:

  • The Ransomware Superhero of Normal, Illinois
  • Kept in the Dark — Meet the Hired Guns Who Make Sure School Cyberattacks Stay Hidden
  • Ransomware Ransom Payments: A Geostrategic Risk
  • The New Target That Enables Ransomware Hackers to Paralyze Dozens of Towns and Businesses at Once
Category: Breach IncidentsCommentaries and AnalysesMalwareNon-U.S.Of Note

Post navigation

← Feds Charge Alleged ‘TLO’ Underground Data Broker
$2.4 trillion securities platform owner hacked. EquiLend admits “unauthorised access” →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Breaches have consequences (sometimes)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit
  • British national “IntelBroker” charged with causing $25 million in damages; U.S. seeks his extradition from France
  • France issues press statement about arrest of ShinyHunters members
  • Patients Allege Home Delivery Pharmacy Failed to Timely Notify Them of Data Breach
  • Hackers breach Norwegian dam, open valve at full capacity
  • Patient death at London hospital linked to cyber attack on NHS
  • ShinyHunters and team members arrested in France (2)
  • Texas Enacts Liability Shield From Punitive Damages for Certain Small Businesses That Adopt Cybersecurity Programs
  • Dublin ETB fined €125,000 for data protection breaches

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How Internet of Things devices affect your privacy – even when they’re not yours
  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.