The Ransomware Conundrum: Insights into Victims’ Payment Decisions

A recent study by Dutch researcher Tom Meurs from the University of Twente has uncovered factors influencing the likelihood of ransomware victims paying ransoms to cybercriminals.

The analysis drew on Dutch police data covering 382 incidents, supplemented by 100 further cases supplied by an incident response company, all from the period 2019 to 2022. The vast majority of the attacks targeted Dutch companies.

Of the 430 victims during the specified period, 28% decided to comply with the hackers’ demands. The average ransom paid was just over €431,000.


Companies that engaged external incident response experts were much more likely to pay: over 50% of them did, compared with 21% among those who only reported the incident to the police.

Organizations insured against ransomware attacks paid significantly larger amounts on average, about €708,000 compared with €133,000 for uninsured firms. Having insurance did not, however, change the proportion of companies that agreed to the criminals' terms: that share was the same in both groups.

Companies with data backups were less likely to pay a ransom, but those that did pay spent more. This likely indicates that they held particularly valuable data whose loss was intolerable even with backups in place.

The strongest influence on both the decision to pay and the size of the ransom was whether the perpetrators had also stolen data (so-called double extortion). In these cases the proportion of victims who paid rose to 40%, and the average ransom, around €1.2 million, was more than 13 times higher than in attacks without data theft.

IT companies emerged as particularly lucrative targets, paying an average ransom of more than €268,000. The study attributes this to the critical importance of their services to numerous clients, which raises the cost of prolonged downtime.

The study thus identifies several factors that shape victims' behavior during ransomware attacks, notably data theft, the involvement of external experts, insurance coverage and the availability of backups. The findings are intended to help both companies and law enforcement agencies combat the escalating ransomware threat.