Here are the realities of paying ransomware thieves
Q: A business associate’s organization was hit with ransomware; can they trust that they will get their data back if they pay the ransom?
A: The financial incentives for ransomware attacks are estimated to top $1 billion this year, which means that this lucrative cyber-crime is going to continue to grow.
2021 saw a 62% increase over 2020 in reported ransomware incidents according to the Cybersecurity & Infrastructure Security Agency and every expectation is that it will continue to grow in 2022.
To Pay or Not To Pay
Generally speaking, the question of whether you should pay the ransom or not has more to do with whether you have a secured backup to restore from or not.
Getting rid of the malware that allowed the attack to happen is pretty straightforward, so as long as you have a current backup that was not included in the attack, there’s no need to pay the ransom.
If you don’t have a backup to restore your data from, you’ll have to decide between spending your time or your money to get back up and running.
Ransomware thieves are hoping that the amount of time it would take to recreate the data is much more expensive than just paying the ransom.
The detrimental impact of paying the ransom is that it encourages the underworld to figure out how to expand their attacks because it pays well.
In many cases, an organization may have no choice but to pay the ransom, but that doesn’t guarantee that every file will be returned intact.
Statistically speaking, about one-third of ransomware victims pay the ransom, but the likelihood of complete recovery isn’t always the result.
When you pay the ransom, the thieves provide you with a ‘key’ to unlock the encrypted files, but there are complications beyond the key such as data corruption or unsophisticated encryption methods that can cause data to be unrecoverable.
I advise clients that are forced to pay the ransom not to expect a full recovery as there are many instances where only a partial recovery may be possible.
A recent survey published in Canada suggested that full recovery of your data was close to a 60/40 proposition. Of the respondents that paid the ransom, only 42% said they got full access to their data. 49% percent said they got a partial recovery with 7% saying they paid the ransom but got nothing at all.
Even if your organization has done a good job to ensure that it can recover from a traditional ransomware attack, there is another level of extortion that’s on the rise.
We’re seeing an increase in attacks that include the step of copying your data to a remote location as well.
This allows them to threaten to go public with sensitive information about your business and/or your employees in case you aren’t willing to pay to unlock your files.
Phishing scams targeting employees are still the most common method for starting a ransomware attack, so focusing on educating employees and securing your data with encryption or other forms of data protection are essential to avoid paying either form of ransom.