Date published: 2020-07-13

Don't pay Ransom to the Hackers

Paying the ransom does not guarantee you get your data back

According to the European Union Agency for Law Enforcement Cooperation, better known as Europol, ransomware is the biggest cyber threat on the Old Continent. After the attack, sophisticated code scans available documents and data and then encrypts them. The attacker can then demand a ransom and blackmail the victim.

The number of companies and organisations experiencing these attacks is surprisingly high. According to a global study by CyberEdge, the share of affected organisations has increased to 62 % in two years.

By comparison, Flowmon Network conducted research last year in which a third of respondents admitted to having been affected by ransomware. Cloud users have not been spared either, as 6 out of 10 successful ransomware attacks have been cloud attacks.

Why not ask for more when it goes well

It is worrying that, due to the high attack success rate, the ransom amount is on a ‘rapid rise’. Based on research by Atlas VPN, it grows by 140 % year on year; nowadays it equates to around 18,000 USD.

This can be explained by the increase in the number of attack victims who decide to pay. In 2018, according to a Sophos survey, 38 % of respondents admitted to paying the ransom in the last 12 months. Last year the figure rose to 45 %, and this year it is 57 %.

Although other research reports lower numbers, most victims decide to pay despite the advice against it. They are hoping to avoid shutdowns, costs associated with IT systems recovery or potential data loss.

Sometimes the decision to pay comes from top management. Managers and entrepreneurs inclined to risk say that if they become the target of an attack, they will pay the ransom from backup security money, just to get the data back. Some hospitals and E&A Departments prefer to pay even though they have backed up their data, as it would take too long to recover the systems and would potentially interrupt services.

To Pay or Not to Pay

This strategy is not always worth it. After the ransom is paid, whether in Bitcoin or in a different way, only two thirds of organisations retrieve their lost data. Among those refusing to pay, 85 % of respondents manage to get their data recovered.

Most non-payers’ successful data recovery could be due to sufficient data backup systems, so there is almost no motivation to pay the ransom.

More bad news: those who are not afraid of ransomware attacks, or who consciously think they will ‘buy’ their encrypted data back, are at risk of a repeated attack. One attack not only does not guarantee immunity; the future risk is much higher. Once hackers enter the system, they can leave a ‘secret door’ to ensure they can re-enter. Apparently, this has been confirmed to be happening.

Older research by Druva suggests and confirms that half of IT managers have experienced repeated ransomware attacks, and new research by Sophos reveals that this happens to most victims (sometimes twice a year). Companies and organisations such as the biggest European hospital operator Fresenius, logistics company Toll Group and tech company Pitney Bowes have all spoken publicly about multiple attacks.

Lastly, it is important to realise that paying ransom is not helpful from a global perspective, as it increases hackers’ desire for more attacks.

What’s the recipe?

If we cannot rely on paying the ransom, how can we protect ourselves against this vicious cyber threat? It is important to realise that ransomware gets into systems in all kinds of ways. Mostly it arrives via email with an infected attachment, though Sophos shows that there is no ‘more prevalent’ vector of attack. Hackers simply test different techniques and look for a loophole to exploit.

| How the ransomware got into the organization | Incidents Qty | Incidents % |
|---|---|---|
| Via a file download/email with malicious link | 741 | 29% |
| Via remote attack on server | 543 | 21% |
| Via email with malicious attachment | 401 | 16% |
| Misconfigured public cloud instances | 233 | 9% |
| Via our Remote Desktop Protocol (RDP) | 221 | 9% |
| Via a supplier who works with our organization | 218 | 9% |
| Via a USB/removable media device | 172 | 7% |
| Don't know | 9 | 0% |
| TOTAL | 2538 | 100% |

How did the ransomware attack get into your organization? Question asked to respondents whose organization had been hit by ransomware in the last year. Base: 2,538 respondents. Source: A Sophos white paper May 2020

Such diversity in how systems are infected calls for multilayered protection.

Next on the list are training and education. According to Kaspersky research, around 37 % of employees do not know anything about ransomware despite being its victim. More than a third of respondents said they would not know what to do if their personal data were at stake and the employer decided not to pay the ransom.