[BreachExchange] Paying ransomware demands could double the cost

Destry Winant destry at riskbasedsecurity.com
Wed May 13 10:20:58 EDT 2020


https://www.itproportal.com/news/paying-ransomware-demands-could-double-the-cost/

Paying ransom fees in exchange for the release of company data
following a ransomware attack is not the cheapest way to solve the
problem, suggests a new report from cybersecurity firm Sophos.

In fact, according to a poll of 5,000 IT decision-makers, the cost of
recovery almost doubles if an organisation opts to pay the ransom.

The report states that, on average, businesses pay $730,000 to fully
restart their operations following a ransomware attack. Those that
paid ransom fees ended up spending $1.4 million on average to perform
the same process.

The disparity is, at least in part, due to the complexity associated
with using decryption keys provided by the ransomware operators.

“Often, the attackers may share several keys and using them to restore
data may be a complex and time-consuming affair,” explained Chester
Wisniewski, Principal Research Scientist at Sophos.

The company claims the public sector is least affected by ransomware,
while media, leisure and entertainment businesses were among the most
acutely affected.

In the majority of cases (56 percent), IT managers manage to restore
operations by using a backup. Meanwhile, one percent of businesses that
paid ransom fees subsequently failed to recover the stolen data.

“An effective backup system that enables organisations to restore
encrypted data without paying the attackers is business critical, but
there are other important elements to consider if a company is to be
truly resilient to ransomware,” added Wisniewski.

“Advanced adversaries like the operators behind the Maze ransomware
don’t just encrypt files, they steal data for possible exposure or
extortion purposes. Some attackers also attempt to delete or otherwise
sabotage backups to make it harder for victims to recover data and
increase pressure on them to pay. The way to address these malicious
manoeuvres is to keep backups offline, and use effective,
multi-layered security solutions that detect and block attacks at
different stages.”

