Many organizations paying cybercriminals' ransoms are getting far less than what they bargained for, according to the 2018 Cyberthreat Defense Report.

Released by research and marketing firm CyberEdge Group, the report covered the results of a survey of 1,200 corporate IT security decision makers from companies across 17 countries.  Among the respondents, 77 percent suffered a cyberattack within the past 12 months, down slightly from the previous year.

Dealing with ransomware posed a particular challenge for many enterprises. The majority of respondents, 53 percent, did not pay the ransom, but were still able to recover their data. Meanwhile, 8 percent who did not pay were unable to recover any data. However, among those who did pay the ransom, there was an equal chance of recovering or losing the data completely—of the 39 percent that paid, 20 percent still lost their data, while 19 percent recovered it.

When asked how companies were able to recover data without paying a ransom, Steve Piper, co-founder & CEO of CyberEdge Group noted that it came down having data backup capabilities.

“If you back up your devices, when you're affected by ransomware and the ransomware locks the data, then you can just wipe the disk clean, reimage the disk and restore your data from backup and you're back to square one,” Piper said.

Not all companies, however, may have comprehensive data recovery processes in place. While some IT assets, such as “on-premise servers, virtual machines and databases” are frequently backed up, generally remote devices are not, he noted.

Globally, ransomware affected the most enterprises in Spain (80 percent), China (74 percent), and Mexico (72 percent). It also impacted slightly over half of all enterprises (53 percent) in the U.S. and just around half in the U.K.

While such attacks have been increasingly common at enterprises, they are also starting to affect law firms as well. In 2017, a ransomware attack shutdown computer and phone systems across DLA Piper's worldwide offices, with attackers demanding a ransom of $300 in Bitcoin to unlock each system.

The attack came just weeks after the worldwide WannaCry ransomware targeted a host of organizations, such as the UK's National Health Service and law firm Shutts & Bowen, which was able to successfully protect itself from infiltration.

In DLA Piper's case, cybercriminals were potentially asking for a potentially nominal amount. But paying such ransom can be more burdensome than just a financial fee.

Writing in Corporate Counsel, Paul Rosen, partner at Crowell & Moring and a former chief of staff of the Department of Homeland Security, noted that “even if you do engage with hackers, the files they return may be incomplete or corrupted.”

There is also the possibility that payment of a cyber ransom can incentivize further cyberattacks, as cybercriminals now know there is a willingness to pay. What's more, if a victim does pay, it may open itself up to monetary fines and legal liability should the cybercriminals be connected to a sanctioned criminal organization or a nation-state.

Rosen noted that “while the likelihood of a government enforcement action against a victim of a ransomware attack is generally low, especially where the same attack has affected a large number of victims and potentially the government itself, the risk exists.”

“This is particularly true because the sanctions regime is a strict liability—that is, you are potentially liable even if you did not know you were paying a sanctioned entity, which is all the more reason that preparation and prevention of a successful attack is critical,” he added.

But a victim that does not have backup data recovery systems in place and is completely locked out of much needed files may be left with little option but to pay.  In addition, some may pay to just to keep the incident, and any of its related consequences, secret.

Uber, for example, paid a ransom of $100,000 to hackers who stole the personal information from 57 million of their customers. Though the ransom was in part to keep the incident from becoming public, Uber is now under investigation from number of states and federal agencies for failing to disclose the breach.