DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

University of Twente Maps Decision-Making Process for Ransomware Victims

Posted on January 24, 2024 by Dissent

The UT investigated the decision-making process of victims who had to pay ransoms during ransomware attacks. UT researcher Tom Meurs and his colleagues analyzed 481 ransomware attacks, data from the Dutch police and a Dutch incident response party. Organizations with recoverable backups in particular were often better able to avoid paying ransoms. Data exfiltration led to a higher ransom paid. This was also the case for organizations that are insured against ransomware attacks.

The researchers used a two-step model: First, victims decide whether to pay the ransom or not. And second, if victims decide to pay, they determine the ransom amount to be paid. “Because we estimate the two steps simultaneously, the results are more reliable than previous scientific studies of ransom payments.”

Important Insights

Based on 481 ransomware attacks from the Dutch police and a Dutch incident response party, we arrive at a number of key insights: Insurance led to a 2.8x higher ransom amount paid, without affecting the frequency of payments. Data exfiltration led to a 5.5 times higher ransom amount paid, without affecting the frequency of payments. Organizations with recoverable backups were 27.4 times less likely to pay the ransom compared to victims without recoverable backups.

“The insights highlight the importance for policymakers to focus on areas such as data exfiltration, the role of insurance and promoting recoverable backups. Implementing recoverable backups is an effective technology strategy to prevent criminals from deleting backups while they are in your systems.”

NOTE: From the full article, this other finding on backups may seem counterintuitive at first:

“Regarding backups, it seems that having recoverable backups leads to a lower probability of payment, observed in only 11% of cases. However, the average ransom paid per attack and the total ransom paid are higher compared to scenarios with other backup conditions. It is noteworthy that victims who lack backups generally pay lower ransoms than those who have backups that cannot be restored, with both the average ransom per attack and the cumulative amounts being lower. One plausible explanation could be that businesses holding data considered valuable enough for ransom payments are generally more likely to employ backup systems, compared to those with less valuable data. The Kruskal Wallis test with null hypothesis that all backups measures lead to same r ransom paid, results in KW=49.65, df=3, p-value<0.001. This indicates that having backups leads to more ransom paid.”


During Ecrime 2023 in Barcelona, ​​Tom Meurs’ paper received the prize for the best article .

The co-authors of the study are: Edward Cartwright (De Montfort University, UK), Anna Cartwright (Oxford Brookes University, UK), Marianne Junger (UT, BMS-IEBIS), Raphael Hoheisel (UT, BMS-IEBIS), Erik Tews (UT, EEMCS-SCS), Abhishta Abhishta (UT, BMS-IEBIS).

Source: University of Twente

via Politie.nl


Related:

  • Cyberattacks Paralyze Major Russian Restaurant Chains
  • France Travail: At least 340,000 job seekers victims of new hack
  • Legal Silence and Chilling Effects: Injunctions Against the Press in Cybersecurity
  • #StopRansomware: Interlock
  • Suspected XSS Forum Admin Arrested in Ukraine
  • PowerSchool commits to strengthened breach measures following engagement with the Privacy Commissioner of Canada
Category: Breach IncidentsCommentaries and AnalysesMalwareNon-U.S.Of Note

Post navigation

← Feds Charge Alleged ‘TLO’ Underground Data Broker
$2.4 trillion securities platform owner hacked. EquiLend admits “unauthorised access” →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Clorox Files $380M Suit Alleging Cognizant Gave Hackers Passwords in Catastrophic 2023 Cyberattack
  • Cyberattacks Paralyze Major Russian Restaurant Chains
  • France Travail: At least 340,000 job seekers victims of new hack
  • Legal Silence and Chilling Effects: Injunctions Against the Press in Cybersecurity
  • #StopRansomware: Interlock
  • Suspected XSS Forum Admin Arrested in Ukraine
  • PowerSchool commits to strengthened breach measures following engagement with the Privacy Commissioner of Canada
  • Hungarian police arrest suspect in cyberattacks on independent media
  • Two more entities have folded after ransomware attacks
  • British institutions to be banned from paying ransoms to Russian hackers

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Meta Denies Tracking Menstrual Data in Flo Health Privacy Trial
  • Wikipedia seeks to shield contributors from UK law targeting online anonymity
  • British government reportedlu set to back down on secret iCloud backdoor after US pressure
  • Idaho agrees not to prosecute doctors for out-of-state abortion referrals
  • As companies race to add AI, terms of service changes are going to freak a lot of people out. Think twice before granting consent!
  • Uganda orders Google to register as a data-controller within 30 days after landmark privacy ruling
  • Meta investors, Zuckerberg reach settlement to end $8 billion trial over Facebook privacy violations

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.