More Likely If Sensitive Customer Data Is Captured
Businesses are more likely to pay a ransom if the adversary captures personally identifiable information (PII) such as Social Security numbers, since the potential liability associated with the public release of that data is often greater than the ransom amount, according to Qualys President and CEO Sumedh Thakar.
However, if the stolen data is encrypted and of a less sensitive nature, Thakar said businesses can often work with their customers to provide visibility into what was taken and come up with a mitigation plan. Given that victims are dealing with criminal organizations, Thakar said it’s quite likely their data has already been shared with nefarious actors or is still being held by the hackers even if a ransom is paid.
As a result, Thakar said the ransomware group could leverage the victim data for another purpose a couple of months later if it finds itself strapped for cash. In addition, Thakar said ransomware attacks that successfully disable encrypted systems in industries like health care or critical infrastructure are more likely to result in payment since national security interests or human lives hang in the balance.