UT maps decision-making processes of victims of ransomware

University of Twente has investigated the decision-making processes of victims forced to pay ransom following ransomware attacks. UT researcher Tom Meurs and his colleagues analysed data provided by the Dutch National Police and a Dutch incident response organisation on 481 ransomware attacks. They were able to show that organisations with recoverable backups were better able to avoid having to pay ransom. Data exfiltration led to higher ransom amounts paid. That was also the case for organisations insured against ransomware attacks. The researchers used a two-step system: First, the victims decided whether or not to pay the ransom. Second, in the event they did decide to pay, they determined the amount to be paid.