Would you pay the ransom?

Paying the ransom is still the most common response to a ransomware attack. Although progress has been made, organisations are still paying out. Here’s more on ransomware attacks following new research from Databarracks.

New research from Databarracks reveals 44% of organisations that suffered a ransomware attack, paid the ransom. 34% recovered from backups, while 22% used ransomware decryption tools.

The findings come from the Databarracks 2022 Data Health Check. Running since 2008, the annual report surveys over 400 IT decision-makers in the UK on Ransomware, Cyber, Backup, Disaster Recovery and Business Continuity.

Managing Director of Databarracks, James Watts commented: “From the perspective of the victim, it’s understandable why you might pay a ransom. You can’t service customers, you can’t take orders and losses quickly accumulate. The costs of downtime can quickly exceed the ransom.

“Organisations might think that by paying the ransom it resolves the problem more quickly so they can get back to business as usual. There are several reasons why this approach is flawed.

“Firstly, there’s no guarantee that you will get your data back. Secondly, it’s quite common for organisations to be attacked again once criminals know they are an easy target. Lastly, it sends the wrong message. By paying, you are indirectly encouraging the criminals, showing their tactics work.

“With the right preparation and guidance however, you can recover your data, and never have to pay the ransom.

“Patch and update systems regularly, train staff on spotting phishing emails, and maintain the principle of least privilege.

“Immutable storage and physical or logical air-gaps will protect backups from also being changed or encrypted. If you do suffer an attack, your backups are your last line of defence.

“When you need to recover, identify your most recent, clean recovery point and carry out isolated, sandbox recoveries. Check to make sure no further ransomware is present before starting the full restoration. Lastly, test your Disaster Recovery Plan so know the process and you are confident you can recover quickly and effectively.

“This year’s survey also showed a growing number of organisations have a policy for whether they would pay out on a ransomware attack. 68% of organisations had a policy in place, up from 54% last year. The data demonstrates an increasing awareness and better preparation for ransomware attacks.”

What is ransomware?

Ransomware is a type of malicious software that’s used to block you from accessing your own data. Cyber criminals use this software to encrypt the files on your system by adding extensions to the attacked data. They’ll then hold this data hostage until you pay the ransom to have it released.

Once the hackers have your data, there is no guarantee  that your data will be given back or decrypted, even if you meet their demands. There is also no guarantee that you will not be a target a second time around. Often, once an attack is made, the hacker will sell the details on to their associates to go after the victim again.

What if you’re a ransomware attack victim?

If your business is the victim of a ransomware attack, follow these four steps:

  1. Contain the breach by isolating all affected devices from other computers and storage devices. You should also disconnect these devices from the internet, turn off the WiFi and disable core network connections.
  2. Identify the breach so you know how to fix it. This should become apparent from the ransom note, but you may have to investigate further. To find out where the attack originated, you could try to geo-locate the logins from the network.
  3. Remove the malware and any back doors, close ports and reset passwords.
  4. Restore your network using any backups you have.

Once this has been done (or while it’s ongoing), you should notify any affected parties. If third party data has been compromised, you’ll need to inform everyone this affects. You may also need to tell your bank, and you should definitely report the incident to the police and your insurer.

 

View the online report here:

https://datahealthcheck.databarracks.com/2022/

Download the full report here:

https://www.databarracks.com/resources/data-health-check-2022