Revealed: UAE firms paid more than Dh5.1 million in ransomware

Dubai - 90% of firms that paid a ransom demand were hit again, says new report

By Waheed Abbas

  • Follow us on
  • google-news
  • whatsapp
  • telegram

Published: Wed 16 Jun 2021, 12:27 PM

Last updated: Wed 16 Jun 2021, 12:39 PM

Many companies in the UAE have paid more than $1.4 million (Dh5.1 million) in ransomware to regain access to their systems after cyberattacks in the past two years and 42 per cent of had to close down operations after the ransomware attack, according to a new report released on Wednesday (June 16).

Based on survey of around 1,300 security professionals, the study, conducted by Cybereason, found that ransom demands from the UAE firms are increasing as 63 per cent of businesses paid between $350,000 (Dh1.3 million) and $1.4 million as ransom and another 10 per cent paid in excess of $1.4 million.

The numbers of UAE firms paying ransom are 28 per cent higher than the global average.

The study found that 42 per cent of firms who had paid ransom were forced to close down, which is 16 per cent higher than the global average. While 29 per cent were forced to lay off employees due to financial pressure after the ransomware attack.

“Ransomware attacks are a major concern for organisations in the UAE and across the globe, often causing massive business disruptions including the loss of income and valuable human resources as a direct result,” said Lior Div, the Chief Executive Officer (CEO) at Cybereason.

Altogether, around 37 per cent UAE companies said they were hit by a ransomware attack in the last two years and a staggering 84 per cent of them paid the ransom, which is 24 per cent higher than the global average.

Data showed that 90 per cent of those firms who had paid ransom suffered a second ransomware attack, often at the hands of the same threat actor group, said Cybereason’s report.

Around 59 per cent of the organisations which opted to pay ransom to regain access to their encrypted systems found that some or all of their data was corrupted during the recovery process.

“Our survey findings underscore why, with the exception of cases where there is a threat to life, it does not pay to pay ransomware attackers. Paying a ransom demand does not guarantee a successful recovery, does not prevent the attackers from hitting the victim organisation again, and in the end only exacerbates the problem by encouraging more attacks,” said Div.

“Getting in front of the threat by adopting a prevention-first strategy for early detection will allow organisations to stop disruptive ransomware before they can hurt the business,” Div added.



More news from