Most Voters Say Ransomware Attacks Are a ‘Major’ Problem. But Whether Companies Should Pay Hackers Is Up for Debate

Amid a recent string of ransomware attacks that have affected hundreds of businesses and infrastructure, new polling from Morning Consult and Politico shows more than 3 in 5 voters consider such attacks on American businesses to be a major problem. But they are less certain about whether the companies should comply with the hackers’ ransom demands.

Sixty-three percent of registered voters said ransomware attacks on U.S. companies are a “major problem,” while 24 percent said the cyberattacks are a minor problem and just 2 percent said they’re not a problem at all. These shares were roughly the same among Democrats and Republicans.

The survey was conducted July 9-12, following a major ransomware attack during the Fourth of July holiday weekend on the Florida-based information technology firm Kaseya Ltd., whose chief executive said the hack impacted between 800 and 1,500 businesses worldwide. The Russia-linked hacking group REvil took credit for the attack, and the Federal Bureau of Investigation said the group is also responsible for a late May cyberattack on meat processing company JBS USA Holdings Inc.

Also in May, the cybercrime organization DarkSide used a ransomware attack to shut down operation of the Colonial Pipeline, disrupting gasoline services in multiple Southern and Eastern states and spurring panic-buying and gas station closures in major cities for several days.

Despite their agreement on the severity of ransomware attacks, voters were more divided on how impacted companies should address them. 

Colonial Pipeline Co. paid about $4.4 million in Bitcoin to resolve its ransomware attack, and JBS doled out $11 million in cryptocurrency to its hackers. REvil has demanded $70 million from Kaseya to unlock the computer systems affected by its cyberattack, though it remains unclear whether the company has paid or will pay the ransom. However, The New York Times reported Tuesday that REvil has apparently gone offline, though it is uncertain whether the group pulled the plug on itself or if an outside party forced its shutdown.

In the survey, just 5 percent said a company that experiences a ransomware attack should always pay the ransom to resolve it. Another 38 percent said the company should only pay the ransom if the attack has severely impacted critical goods and services, and 1 in 3 voters said companies should never pay ransoms to hackers. Among Democrats, a 42 percent plurality said the companies should pay if critical services are affected, while 2 in 5 GOP voters said the ransoms should never be paid.

The poll also indicates that voters are slightly more likely than not to lose faith in a company affected by a ransomware attack. 

Forty-five percent said they would have less trust in a company hit with a ransomware attack because “they were not prepared for the attack,” while 35 percent said their trust would remain the same because “it is not their fault they were the target of the attack.” One in 5 voters didn’t know or had no opinion on the matter.

The survey was conducted among 1,996 registered voters and has a margin of error of 2 percentage points.