British companies are prepared to pay up to £136,000 on average to recover critical data taken hostage by ransomware. This is the outcome of the 2017 survey sponsored by Citrix UK, a company that provides collaborative, virtualization and networking products to facilitate mobile work and adoption of cloud services.
The survey covered 500 British companies with a minimum workforce of 250 employees. It follows a precedent launched by the same company a year ago. The average amount of the ransom payment was then £29,544. With the £136,000 pledged this year, there was an increase of 361 percent.
It should be made clear that these companies are complying with one of the major requirements of the authors of ransomware: receiving payments in bitcoins.
The 2017 survey shows that companies with more than 1,000 employees store an average of 23 BTCs in order to be able to mitigate any eventuality as soon as possible. Approximately 28% of these would store more than 30 BTC, the equivalent of £50,000, ready to satisfy any hacker requirements.
The 2017 survey also shows that the number of businesses with 250 to 500 employees who adhere to such practices increased by 14% compared to 2016. At the same time, The proportion of businesses with 250 to 500 employees who maintain funds in Bitcoins ready to be transferred to hackers is always greater than that of companies with more than 1,000 employees who also store bitcoins.
Taking into account that this poll initiated by Citrix last year already revealed that British companies were storing bitcoins to satisfy any hacker demands. It should not be surprised to review these figures upwards next year when we know that the ransomware WannaCry first hit the British.
But is the approach of setting aside funds to satisfy hackers the right one? The answer is no since the payment does not guarantee the restoration of the data. Rather, these funds could be used to implement better security policies.