Paying the ransom is still the most common response to a ransomware attack

Although progress has been made, organisations are still paying out.

  • 1 month ago Posted in

New research from Databarracks reveals 44% of organisations that suffered a ransomware attack, paid the ransom. 34% recovered from backups, while 22% used ransomware decryption tools.

The findings come from the Databarracks 2022 Data Health Check. Running since 2008, the annual report surveys over 400 IT decision-makers in the UK on Ransomware, Cyber, Backup, Disaster Recovery and Business Continuity.

Managing Director of Databarracks, James Watts commented: “From the perspective of the victim, it’s understandable why you might pay a ransom. You can’t service customers, you can’t take orders and losses quickly accumulate. The costs of downtime can quickly exceed the ransom.

“Organisations might think that by paying the ransom it resolves the problem more quickly so they can get back to business as usual. There are several reasons why this approach is flawed.

“Firstly, there’s no guarantee that you will get your data back. Secondly, it’s quite common for organisations to be attacked again once criminals know they are an easy target. Lastly, it sends the wrong message. By paying, you are indirectly encouraging the criminals, showing their tactics work.

“With the right preparation and guidance however, you can recover your data, and never have to pay the ransom.

“Patch and update systems regularly, train staff on spotting phishing emails, and maintain the principle of least privilege.

“Immutable storage and physical or logical air-gaps will protect backups from also being changed or encrypted. If you do suffer an attack, your backups are your last line of defence.

“When you need to recover, identify your most recent, clean recovery point and carry out isolated, sandbox recoveries. Check to make sure no further ransomware is present before starting the full restoration. Lastly, test your Disaster Recovery Plan so know the process and you are confident you can recover quickly and effectively.

“This year’s survey also showed a growing number of organisations have a policy for whether they would pay out on a ransomware attack. 68% of organisations had a policy in place, up from 54% last year. The data demonstrates an increasing awareness and better preparation for ransomware attacks.”

Agreement delivers Okta’s identity-first Zero Trust security solution to the channel in France, Spain, Portugal, Italy and Greece — a vital security tool in an era of remote work.
The new offering leverages Wipro’s recent acquisitions in the consulting space and brings clients an end-to-end solution at a time of heightened cyber risks.
Panzura has launched a new comprehensive data management solution for customers that work in sensitive data environments, such as public sector, healthcare, and financial services. Because the service makes both the snapshots and the data immutable, ransomware attacks can’t damage files in the Panzura global file system. Instead, attacks are shrugged off by quickly reverting to seconds-old data blocks to reassemble uninfected files. Through a new strategic agreement, this new solution, as well as all of Panzura’s other workloads, will run on Amazon Web Services (AWS).
Signings cover significant expansion in Philippines, Saudi Arabia, Poland, Czech Republic, Gulf States, Emirates, Middle East, North Africa, Cyprus and Turkey.
UK professional services organisations are subject to more than three cyberattacks every week, with 60% expecting the total number of successful attacks to increase over the next year.
The UK arm of international defence and security company, Leonardo, has selected Rizikon, Crossword Cybersecurity’s supplier assurance and third party risk management platform, to assist in their assessment of cyber risk in their supply chain.
Trend Micro has revealed that 32% of global organizations have had customer records compromised multiple times over the past 12 months as they struggle to profile and defend an expanding attack surface.
Sophos has published its 2023 Threat Report. The report details how the cyberthreat landscape has reached a new level of commercialization and convenience for would-be attackers, with nearly all barriers to entry for committing cybercrime removed through the expansion of cybercrime-as-a-service. The report also addresses how ransomware remains one of the greatest cybercrime threats to organizations with operators innovating their extortion tactics, as well as how demand for stolen credentials continues to grow.