DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

University of Twente Maps Decision-Making Process for Ransomware Victims

Posted on January 24, 2024 by Dissent

The UT investigated the decision-making process of victims who had to pay ransoms during ransomware attacks. UT researcher Tom Meurs and his colleagues analyzed 481 ransomware attacks, data from the Dutch police and a Dutch incident response party. Organizations with recoverable backups in particular were often better able to avoid paying ransoms. Data exfiltration led to a higher ransom paid. This was also the case for organizations that are insured against ransomware attacks.

The researchers used a two-step model: First, victims decide whether to pay the ransom or not. And second, if victims decide to pay, they determine the ransom amount to be paid. “Because we estimate the two steps simultaneously, the results are more reliable than previous scientific studies of ransom payments.”

Important Insights

Based on 481 ransomware attacks from the Dutch police and a Dutch incident response party, we arrive at a number of key insights: Insurance led to a 2.8x higher ransom amount paid, without affecting the frequency of payments. Data exfiltration led to a 5.5 times higher ransom amount paid, without affecting the frequency of payments. Organizations with recoverable backups were 27.4 times less likely to pay the ransom compared to victims without recoverable backups.

“The insights highlight the importance for policymakers to focus on areas such as data exfiltration, the role of insurance and promoting recoverable backups. Implementing recoverable backups is an effective technology strategy to prevent criminals from deleting backups while they are in your systems.”

NOTE: From the full article, this other finding on backups may seem counterintuitive at first:

“Regarding backups, it seems that having recoverable backups leads to a lower probability of payment, observed in only 11% of cases. However, the average ransom paid per attack and the total ransom paid are higher compared to scenarios with other backup conditions. It is noteworthy that victims who lack backups generally pay lower ransoms than those who have backups that cannot be restored, with both the average ransom per attack and the cumulative amounts being lower. One plausible explanation could be that businesses holding data considered valuable enough for ransom payments are generally more likely to employ backup systems, compared to those with less valuable data. The Kruskal Wallis test with null hypothesis that all backups measures lead to same r ransom paid, results in KW=49.65, df=3, p-value<0.001. This indicates that having backups leads to more ransom paid.”


During Ecrime 2023 in Barcelona, ​​Tom Meurs’ paper received the prize for the best article .

The co-authors of the study are: Edward Cartwright (De Montfort University, UK), Anna Cartwright (Oxford Brookes University, UK), Marianne Junger (UT, BMS-IEBIS), Raphael Hoheisel (UT, BMS-IEBIS), Erik Tews (UT, EEMCS-SCS), Abhishta Abhishta (UT, BMS-IEBIS).

Source: University of Twente

via Politie.nl

Category: Breach IncidentsCommentaries and AnalysesMalwareNon-U.S.Of Note

Post navigation

← Feds Charge Alleged ‘TLO’ Underground Data Broker
$2.4 trillion securities platform owner hacked. EquiLend admits “unauthorised access” →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Almost one year later, U.S. Dermatology Partners is still not being very transparent about their 2024 breach
  • Oklahoma Expands its Security Breach Notification Law
  • Ransomware group Gunra claims to have exfiltrated 450 million patient records from American Hospital Dubai.
  • North Shore University Sleep Disorders Center employee charged with secretly recording patients in restrooms
  • When ransomware listings create confusion as to who the victim was
  • Rajkot civic body’s GIS website hit by cyber attack, over 400 GB data feared stolen
  • Taiwan’s BitoPro hit by NT$345 million cryptocurrency hack
  • Texas gastroenterology and surgical practice victim of ransomware attack
  • Romanian Citizen Pleads Guilty to ‘Swatting’ Numerous Members of Congress, Churches, and Former U.S. President
  • North Dakota Enacts Financial Data Security and Data Breach Notification Requirements

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Florida ban on kids using social media likely unconstitutional, judge rules
  • State Data Minimization Laws Spark Compliance Uncertainty
  • Supreme Court Agrees to Clarify Emergency Situations Where Police Don’t Need Warrant
  • Stewart Baker vs. Orin Kerr on “The Digital Fourth Amendment”
  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.