View All R&D Articles

Only Half of Ransomware Payments Resulted in Decrypted Files

March 21, 2018

A report from a leading research firm found a startling statistic for 2017: only half of ransomware victims who paid a ransom were able to successfully decrypt their files. These findings and others in the report offer even more incentive to confront and adapt to new security challenges in 2018.

The report came from CyberEdge, who surveyed 1,200 IT security professionals and is not affiliated with any security vendor.

Cyberthreat Defense Report 2018 by CyberedgeTheir 2018 Cyberthreat Defense Report is an attempt to understand the variety of threats faced by organizations that employ at least 500 people. The results showed that cyberattacks have become increasingly successful over the past five years (though, mercifully, the number of successful attacks is slightly down from last year).

Another illuminating trend is that the percentage of IT professionals who are optimistic about dodging successful attacks in the coming year went from 62 percent in 2014 to 38 percent in 2018. This can be viewed as pessimism or realism, but either way, it’s an acknowledgement of the great challenges ahead. Respondents listed application containers (like Docker or Rocket), mobile devices, and cloud infrastructure as the weakest links likely to be targeted by a cyberattack.

Malware (viruses, worms, trojans) was voted as the number one general threat to IT security for the second year in a row.

Second place was a tie between ransomware and phishing attacks. Given that many ransomware attacks were paired with worms and other malware (as well as phishing attacks), you can understand how big of a concern ransomware is for security professionals.

And it was not a rare phenomenon either. A surprising 55 percent of surveyed organizations were hit by ransomware in 2017. One area of good news was that many who refused to pay ransoms still recovered their data. Instead of buckling to cybercriminals, they worked to recover data from backups or simply dealt with the data loss. Almost 87 percent of victims who did not pay the ransom recovered their data anyway.

The scarier news was that only 49.6 percent of ransomware victims who paid the ransom were able to decrypt their data. This statistic should convince businesses and individuals of the importance of keeping current backups that are offline or in the cloud.

If a victim cannot recover backups, consulting a professional data recovery company is highly recommended. At, the recovery rates for ransomware cases are far higher than those in the CyberEdge survey. Knowing the landscape and having experience help ensure a successful recovery from a ransomware attack. Some strains have freely available decryptors, while others have coding issues that prevent even the attacker from decrypting files. Knowing which avenues to pursue saves time and increases the odds of a successful recovery.

Survey respondents listed “lack of skilled personnel” as the greatest barrier to defending against cyberthreats.

In past surveys, “low security awareness among employees” has topped that list, but a skilled personnel shortage has slowly climbed the ranks over the past five years. Poor security awareness still placed second as a barrier to IT security (which is concerning, given how long it’s been an issue).

Overall, the survey showed positive as well as negative trends. Many perennial threats remain: mobile devices and poorly trained employees continue to be security challenges. On the other hand, the number of successful cyberattacks decreased for the first time in five years and security budgets are higher than they’ve ever been. More than anything, the CyberEdge report reminds us that good IT security requires constant vigilance and adaptation to new threats.