Ransomware attacks are rising — but quiet payouts could mean there's more than actually reported

Thursday, April 24, 2025
Ransomware attacks continue to climb, but they may be even higher than official figures show as companies choose to quietly pay to make such incidents go away.
Reporting will remain an issue
Because of such payouts, Dr Ilia Kolochenko, CEO at ImmuniWeb and a Fellow at BCS, said that the report's figures were just the "tip of the formidable iceberg".
"A growing number of US companies prefer to silently 'settle' with cybercriminals, especially with those groups that have a good reputation and history of keeping their intrusions confidential after being paid," he noted.
There are rules against such payments, in some cases.
"Sometimes, such payments may be perfectly legal, for example, when no personal data, classified or confidential data of third party is stolen," Kolochenko said.
"Rules may be harsher for governmental entities, as in some states they are flatly prohibited from paying ransoms, or for publicly traded companies given that such incidents may be required to be reported to the SEC and publicly disclosed," he added.
"Possible violation of sanctions – when buying cryptocurrencies from decentralized exchanges and when actually paying the threat actor – are also non-negligible."
Kolochenko predicts more and more companies will choose to pay rather than face negative headlines about ransomware attacks.
"With the overall deregulation spirit of the President Trump administration, we will probably see a steadily growing number of organizations that will prefer to silently pay a ransom and forget about the incident."