Ransomware: How to Stop Paying It
Ransomware attacks are never far from the headlines and the impact of a successful hit can be devastating. Recent attacks to make the front pages include a large European private hospital operator supplying critical dialysis equipment during the pandemic, and a global transport logistics company helping to maintain international supply chains. Worryingly, reports suggest that both organizations had already been hit by ransomware earlier in the year, with at least one of them opting to pay the ransom demanded.
Despite being around for over 30 years, ransomware continues to thrive and rake in profits. Our latest global research shows that around half (51%) of organizations were hit by ransomware in the last year. Of those that ended up with encrypted data, over a quarter (27%) paid the ransom.
It’s easy for onlookers to stand on the sidelines and tell such organizations that they shouldn’t pay. But the reality is that these organizations often feel they have no other way of getting their data back.
What can organizations do?
Fortunately, there are some steps that organizations can take to build their resilience against cyberthreats such as ransomware.
DigitalBank Vault Encryption is proposing a simple method that will stop the efficiency of ransomware attack plans.
Solution: having back-ups enables you to restore your data without having to pay the attackers, but you need to ensure you back up your information regularly and keep it offline and encrypted.
DigitalBank Vault Encryption provides leading companies with Ultra Secure Encryption Storage Technologies, not based on external servers or any third party services.
How attackers hold organizations to ransom
What is ransomware? At first glance, the answer to that seems obvious, but it is in fact more complex than it appears. In general terms, ransomware is malicious software that encrypts devices or information and issues a ransom demand. If the ransom is paid, invariably in some form of cryptocurrency, the victim receives a decryption key or keys, restores their data and everyone lives happily ever after. Only they generally don’t.
This is because ransomware no longer confines itself to just encrypting data; the more advanced ransomware families have taken to stealing information alongside the encryption or disabling or even deleting data back-ups that are connected to the network. All carefully designed to put pressure on victims to pay up.
The enduring ‘success’ of ransomware lies in this ability to evolve. The new tactics are often complemented by innovative tools and techniques intended to avoid detection and removal by security solutions. Our security researchers recently uncovered ransomware installing virtual machines on victim devices, an incredible resource-heavy way of trying to bypass security detection before launching the ransomware module. We’ve found and reported on other innovative and possibly more subtle detection-bypass techniques. There is no sign of such developments slowing down.
The impact of ransomware
Taking all this into account, it comes as no surprise that our study unearthed some pretty stark numbers. First among this is that the costs associated with recovering from a successful ransomware attack nearly double if you have to pay the ransom, from £576,700 for organizations that don’t pay the ransom to £1.14 million for organizations that do.
Essentially, what this means is that the resources required to get an organization up and running again, including downtime, people time, device cost, network cost, lost opportunities, and more, remain the same regardless of whether or not you pay. Paying the ransom saves you nothing. I should add that it’s not all bad news: 66% of UK organizations whose information was encrypted managed to restore their data from back-ups.
Another worrying finding, particularly for the UK is that many organizations continue to believe they are not a target. Across all the countries surveyed, an average of 15% said that they had not been hit by ransomware and didn’t expect to be. This rises to 21% for the UK. In other words: more than one in five UK organizations believes ransomware won’t happen to them.
If you take the overall global number as a benchmark, around half of these organizations are going to discover over the next 12 months that they’re wrong. And the chances are they won’t be ready.