Skip to main content
Best News Website or Mobile Service
WAN-IFRA Digital Media Awards Worldwide 2022
Best News Website or Mobile Service
Digital Media Awards Worldwide 2022
Hamburger Menu




Cyber money heist: Why companies paying off hackers fuels ransomware crimes

About 80 per cent of affected firms have reportedly opted to pay hackers in a bid to protect their data, but one analyst tells CNA each ransom payment subsidises roughly nine future attacks.

Cyber money heist: Why companies paying off hackers fuels ransomware crimes

A person using multiple electronic devices. (File photo: iStock)

New: You can now listen to articles.
Sorry, the audio is unavailable right now. Please try again later.

This audio is AI-generated.

SINGAPORE: Companies that pay the ransom when cybercriminals hack their systems could validate the act and contribute to the growth and persistence of ransomware attacks, warned analysts.

The comments come after China’s biggest lender, the Industrial and Commercial Bank of China (ICBC), reportedly?paid a ransom to cybercriminals group Lockbit?after hackers breached the bank’s US unit.

"They paid a ransom, deal closed," a Lockbit representative told Reuters on Nov 13.

Lockbit, a ransomware group first seen on Russian-language cybercrime forums in January 2020, has been detected all over the world. In just three years, it has become one of the world’s top ransomware threats, targeting big corporations such as Boeing, Taiwanese chip giant TSMC, and the UK Royal Mail.

CNA spoke to cybersecurity analysts to find out why companies give in to hackers' demands and how paying off these cybercriminals is fuelling ransomware crimes.


Companies should refrain from paying hackers as it sets dangerous precedents for future targets and validates their criminal acts, cybersecurity analysts told CNA.

Besides "funding organised crime at best, and terrorism at worst", companies that pay the ransom reinforce hackers' effectiveness as a criminal tool of cyber-extortion, said Dr Steve Kerrison, a cybersecurity senior lecturer at James Cook University Singapore.

Paying the ransom might cause organisations to be perceived by cybercriminals as easy targets that are willing to comply with ransom demands, added Shahnawaz Backer, a senior solutions architect at tech security company F5.

"This might increase their likelihood of being targeted again."

He noted that the paying of ransom might lead to an "expansion of ransomware operations in the overall threat landscape" by increasing the financial incentive of such attacks.

"If attackers believe that organisations are willing to pay, they are more likely to target other entities."

This is apparent following a string of similar attacks by ransomware groups in recent months.

Lockbit, which claims some of this year’s biggest hacks, said that it has revised the way it tries to blackmail its victims because it is "unhappy with the revenue" it sees from ransom payouts,?Bloomberg News reported on Nov 16, citing a ransomware cybercrime researcher from Analyst1.

The researcher noted that many of the affiliates of the Russian-linked group were young and inexperienced in negotiations, leading to "inconsistent and often low ransom amounts that decreased overall revenue and set an unfavourable tone for future negotiations".

Lockbit's leaders reportedly created new rules and tactics which took effect on Oct 1 for hackers to follow when dealing with victims, according to Bloomberg News.


Each ransom payment subsidises roughly nine future attacks, noted?Ryan Flores from cybersecurity company Trend Micro, citing a study the company conducted with Waratah Analytics.

“This is the case despite only 10 per cent of ransomware victims studied paying their extorters,” said the senior manager of APAC threat research, adding that those same victims were found to be forced to pay more for each compromise.

"If a threat actor knows that companies are willing to pay the ransom, they may even escalate demands in future attacks."

Paying the ransom may also be "doubly damaging" as some ransomware groups have been known to proceed with their threats even after receiving the money from companies, noted?Dr Kerrison.

There is also no assurance that paying the ransom will result in the return of stolen data or prevent its potential leakage, said Heng Mok from cybersecurity firm Zscaler.

"This establishes a cycle of financial support for criminal enterprises and perpetuates the threat landscape," added the chief information security officer for Asia Pacific and Japan.

For example, US delivery company allegedly paid a ransom to attackers but had its customers’ data published as the payment received was not enough,?online publication Cybernews reported on Nov 15.

Meanwhile, Techwire Asia reported in April that 83 per cent of companies admitted to paying ransoms on more than one occasion.

The cost of recovery does not change even if a victim opts to pay the ransom, noted Mr Flores.

"There will still be a need for proper incident response, recovery, and implementation of security measures to prevent future breaches," he added.

"Paying a ransom drives the overall cost of the incident in that sense — the ransom cost and cost of recovery."


Analysts told CNA that it is common for companies to pay up in a bid to protect their data, with Forbes reporting about 80 per cent of 1,200 victims surveyed decided to do so.

More than 72 per cent of businesses were affected by ransomware attacks as of 2023, Mr Backer told CNA, noting that it was an increase from the previous five years and was by far the highest figure reported.

Predictions also indicate ransomware will cost victims roughly US$265 billion annually by 2031, he added.

"In the heat of the moment and with pressures mounting, the decision to pay a ransom is definitely not an easy one," said Mr Flores.

"Many choose to opt for this route for a few reasons, with the most common one being faster recovery time. With business operations and continuity at stake, paying the ransom and obtaining the decryption tool in return is sometimes the quicker option to resume activity."

According to media reports in 2019, ride-hailing platform Uber allegedly paid a US$100,000 ransom and had the hackers sign non-disclosure agreements in exchange for the payment.

This shows that organisations are worried, noted Mr Backer.

Regarding banks like ICBC paying ransoms, he said such information is not usually disclosed to the public due to the sensitive nature of the incidents.

"Many organisations, including banks, may not disclose this due to concerns about reputation, legal implications, and the encouragement of further attacks."

However, Dr Kerrison noted that the intention behind companies paying ransoms "might not always be to keep it a secret".?

"Rather, it's the best option available to them in the circumstances," he said.

Mr Backer added that claims by attackers should be "treated with caution" as they might not always accurately reflect the reality of the situation.

Analysts also told CNA the rise of the ransomware-as-a-service (RaaS) model is one of the driving factors in the increase in ransom payment.

"RaaS made it possible for low-skilled cybercriminals to join the illicit industry ultimately contributing to the surge in the number of victims," said He Feixiang, an adversary intelligence research lead at Group-IB.

The RaaS business model allows individuals to develop and distribute ransomware, paying the affiliates for successful attacks using their ransomware, he noted.

In addition, analysts said collaborations among ransomware groups, encryption-less attacks and cryptocurrency services also allow more hackers to target companies and facilitate their movements, driving up the number of ransom cases.


It is important to seek an expert’s opinions before deciding on a course of action, said analysts.?

"Ransomware, just like any software, is not perfect, so there may be paths to recovery, such as finding a way to decrypt data or deactivate the ransomware," said Dr Kerrison.

A ransomware attack is a long process that "lasts for days, if not weeks", said Mr He.

There are "multiple occasions" where related suspicious activities can be detected and effective interventions can be performed to stop the final data encryption and prevent data leaks, he added.

"Before the actual data encryption, cybercriminals need to get into the victim servers first. This is called initial access … Such initial access offers as well as the sale of corporate credentials can be detected proactively by threat intelligence experts."

Mr Heng and Mr Backer also said that companies should have a zero-trust framework in place where no one should be trusted by default.

Companies should adopt "a comprehensive response strategy to mitigate damage" if they want to avoid paying the ransom, said Mr Backer.

"Initial steps involve isolating and disconnecting affected systems to prevent further spread, activating an incident response plan, and identifying the specific ransomware variant," he added.

"Organisations also need to stop the attack’s primary vectors, slow its spread, and work towards reducing its impact."

Another option is to rely on data back-ups to restore data and minimise potential damage, added?Mr Flores.

"Despite the urgency of such an incident, it's critical to not act rashly," said Dr Kerrison, adding that companies should be mindful of regulatory obligations.

"Those thinking of paying a ransom should also consider whether doing so could be funding terrorism, which could land the company significantly more trouble than just the backlash from a ransomware-induced outage," he said.


Source: CNA/rc(rj)


Also worth reading


bbm bbm777 bong bong marcus free bet welcome bonus online casino Baccarat Dragon Tiger Red VS Black Mercedes & BMW Bull Bull for 100 Birds & Beasts Boom Red Packet Big & Small Andar Bahar 7 Up Down Win Three Cards Banker Bull Bull Cards Checker Bull Bull Bull Bull Brawl Texas Hold'em Mahjong 2P Pineapple Poker Rummy Teenpatti Super Fruits Slot Water Margin Duo Bao Candy Party DuoFuDuoCai Fortune Gods Fishing Fishing Joy Rocket Crash Lucky Dice Double Dice Mines HiLo Circle Plinko Keno Dragon Fishing Dragon Fishing II Cai Shen Fishing Five Dragons Fishing Fishing YiLuFa Dragon Master Fishing Disco Lucky Dragons Flirting Scholar Tang Winning Mask Wukong The Llama Adventure Formosa Bear Lucky Qilin Lucky Lion Moonlight Treasure Coffeeholics New Year Napoleon Four Treasures Open Sesame Banana Saga Mahjong Olympian Temple Crystal Realm Burglar Dancing Papa Chef-Doeuvre Lucky Miner Candy Land Crazy Scientist Super Dumpling Cash Man Lucky Phoenix Dragon King Magic Show Beauty And The Kingdom Guan Gong Winning Mask II OpenSesameII Flirting Scholar Tang II FortuneHorse XiYangYang Classic Mario Happy New Year Birds and Animals Beer Tycoon Super Super Fruit Crazy King Kong Cai Shen Bingo GoldRoosterLottery HappyLottery Reward Dealer Cock Fight Maya Run Panda Panda Zelda Mr. Bao Billionaire One Punch Man Dragon Warrior Dragon Guardians of The Galaxy Street Fighter China Rouge Star Wars Kingsman War of Beauty Daji Gems Gems Curvy Magician Mining Upstart Lucky Racing Fa Da Cai LuckySeven OrientAnimals TripleKingKong BirdsParty GoLaiFu DragonsWorld SuperNiubi EgyptTreasure Fortune Treasure PirateTreasure Mjolnir TreasureBowl GoldenDisco FunkyKingKong SuperNiubiDeluxe MinerBabe Moneybags Man DoubleWilds PopPopFruity Spindrift DragonsGate JungleJungle Spindrift2 LuckyDiamond Kong RexBrothers NinjaX Wonder Elephant MarvelousIV LanternWealth MayaGoldCrazy War Of Empires BigThreeDragons Boom Fiesta Blossom of Wealth Star Line Glamorous Girl ProsperityTiger BBQ Burger Book of Mystery Fortune Neko Elemental Link Fire Elemental Link Water CooCoo Farm CAISHEN COMING FRUITY BONANZA Rooster In Love Monkey King Fire Bull Wealthy Fuwa Inca Empire Ninja Rush Chef Panda Sun Archer Legendary5 Mystery of Ninetails TongbiNiuNiu QiangZhuangLiuNiu TongbiLiuNiu Six Gacha JumpHigh RaveJump JumpHigher Jump High 2 LuckyBats FlyOut Good Fortune God of War Zeus DiscoNight Move n' Jump DiscoNight M jumping mobile FaCaiShen THOR RaveJump2 Wolf Disco Fire Queen Six Candy Good Fortune M ZhongKui Fa Cai Shen2 GuGuGu 5 God Beasts Fire Chibi 2 Snow Queen God of War M WaterWorld Chameleon SoSweet Flower Fortunes Flying Cai Shen Wheel Money Kronos Double Fly TreasureBowl Mr.Rich Gu Gu Gu 3 Zeus M Golden Eggs Fa Cai Shen M Super5 HappyRichYear Hephaestus Fa Cai Fu Wa Ne Zha Advent Fire Chibi Shou-Xin LuckyBats M Running Animals Wolf Moon OrientalBeauty Funny Alpaca 5 Boxing VampireKiss Apollo Fire Chibi M RaveJump2 M SkrSkr Diamond treasure Apsaras Dragon Heart YuanBao HotSpin TreasureHouse 777 Sky Lanterns The Beast War GreatLion FruitKingII 888 Thor 2 RedPhoenix Gold Stealer RunningToro Fire777 Ecstatic Circus All Wilds Meow Detective Dee2 Poseidon WonWonWon BigWolf Boots of Luck Fortune Spirits Lucky 3 LuckyFishing Paradise Oneshot Fishing Lord Ganesha Dragon’s Treasure Jungle Party Cricket Fever Fortune Dragon Alice Run Money Tree Thai HILO Da Hong Zhong Hanuman Bingo Aladdin's lamp Dollar Bomb King Kong Shake Ganesha Jr. Dragon Koi Hot DJ Coin Spinner Hero Fishing Greek Gods Thai Fish Prawn Crab Lucky Tigers Mr. Miser Mummy's Treasure The Chicken House Myeong-ryang 888 Cai Shen Night City Seotda Funky Bingo Treasure Pirate Baccarat Boat of Fortune Football Star Deluxe Ladies Nite 2 Turn Wild Rugby Star Deluxe A Dark Matter Long Mu Fortunes 9 Masks of Fire Break Away Lucky Wilds Lucky Twins Jackpot Ping Pong Star Zombie Hoard Win Sum Dim Sum Wild Scarabs Wild Orient Wicked Tales: Dark Red What A Hoot Wacky Panda Untamed - Giant Panda Treasures of Lion City Treasure Palace Tomb Raider Titans of the Sun - Theia Titans of the Sun - Hyperion Tiki Vikings Tiger's Eye