Paying the ransom doubles cost of recovery

Issue 4 2020 Editor's Choice

Sophos announced the findings of its global survey, ‘The State of Ransomware 2020’, which reveals that paying cybercriminals to restore data encrypted during a ransomware attack is not an easy and inexpensive path to recovery. In fact, the total cost of recovery almost doubles when organisations pay a ransom. The survey polled 5000 IT decision makers in organisations in 26 countries across six continents, including Europe, the Americas, Asia-Pacific and central Asia, the Middle East, and Africa.

More than half (51%) of organisations had experienced a significant ransomware attack in the previous 12 months, compared to 54% in 2017. In South Africa, 24% of the organisations surveyed mentioned a ransomware attack in the last year and 44% of the surveyed organisations expect a ransomware attack in the future. Globally, data was encrypted in nearly three quarters (73%) of attacks that successfully breached an organisation, while in South Africa, it was 56%.

The average cost of addressing the impact of such an attack, including business downtime, lost orders, operational costs, and more, but not including the ransom, was more than $730 000. This average cost rose to $1,4 million, almost twice as much, when organisations paid the ransom. More than one quarter (27%) of organisations hit by ransomware admitted paying the ransom.

“Organisations may feel intense pressure to pay the ransom to avoid damaging downtime. On the face of it, paying the ransom appears to be an effective way of getting data restored, but this is illusory. Sophos’ findings show that paying the ransom makes little difference to the recovery burden in terms of time and cost. This could be because it is unlikely that a single magical decryption key is all that’s needed to recover. Often, the attackers may share several keys and using them to restore data may be a complex and time-consuming affair,” said Chester Wisniewski, principal research scientist, Sophos.

More than half (56%) of the IT managers surveyed were able to recover their data from backups without paying the ransom. Globally in a very small minority of cases (1%), paying the ransom did not lead to the recovery of data. This figure rose to 5% for public sector organisations. In fact, 13% of the public sector organisations surveyed never managed to restore their encrypted data, compared to 6% overall.

However, contrary to popular belief, the public sector was least affected by ransomware, with just 45% of the organisations surveyed in this category saying they were hit by a significant attack in the previous year. At a global level, media, leisure and entertainment businesses in the private sector were most affected by ransomware, with 60% of respondents reporting attacks.

Attackers increase pressure to pay

SophosLabs researchers have published a new report, ‘Maze Ransomware: Extorting Victims for 1 Year and Counting,’ which looks at the tools, techniques and procedures used by this advanced threat that combines data encryption with information theft and the threat of exposure. This approach, which Sophos researchers have also observed being adopted by other ransomware families, like LockBit, is designed to increase pressure on the victim to pay the ransom. The new Sophos report will help security professionals better understand and anticipate the evolving behaviours of ransomware attackers and protect their organisations.

“An effective backup system that enables organisations to restore encrypted data without paying the attackers is business critical, but there are other important elements to consider if a company is to be truly resilient to ransomware,” added Wisniewski. “Advanced adversaries like the operators behind the Maze ransomware don’t just encrypt files, they steal data for possible exposure or extortion purposes. We’ve recently reported on LockBit using this tactic. Some attackers also attempt to delete or otherwise sabotage backups to make it harder for victims to recover data and increase pressure on them to pay. The way to address these malicious manoeuvres is to keep backups offline, and use effective, multi-layered security solutions that detect and block attacks at different stages.”

‘The State of Ransomware 2020’ survey was conducted by Vanson Bourne, an independent specialist in market research, in January and February 2020. The survey interviewed 5000 IT decision makers in 26 countries, in the US, Canada, Brazil, Colombia, Mexico, France, Germany, the UK, Italy, the Netherlands, Belgium, Spain, Sweden, Poland, the Czech Republic, Turkey, India, Nigeria, South Africa, Australia, China, Japan, Singapore, Malaysia, Philippines and UAE. All respondents were from organisations with between 100 and 5000 employees.

1.) ‘The State of Ransomware 2020’ report can be found at www.securitysa.com/*sophos3, redirects to https://www.sophos.com/en-us/medialibrary/Gated-Assets/white-papers/sophos-the-state-of-ransomware-2020-wp.pdf

2.) ‘The Maze Ransomware: Extorting Victims for 1 Year and Counting’ report can be found at www.securitysa.com/*sophos4, redirects to https://news.sophos.com/en-us/2020/05/12/maze-ransomware-1-year-counting/




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Key criteria in the selection of CCTV control room operators
Issue 5 2020, Leaderware , Editor's Choice
Some people are better at aspects of the job of CCTV operator than others, and some companies put in a lot more effort in choosing their operators than others.

Read more...
Leaders in risk and security: As long as there are people, there will be risk
Issue 5 2020, iFacts, Technews Publishing , Editor's Choice
Jenny Reid is a self-made success, focusing on people, the risks they create and the potential they have.

Read more...
XProtect available on AWS
Issue 5 2020, Milestone Systems, Technews Publishing , Editor's Choice
Milestone recently announced the availability of XProtect on Amazon Web Services. Hi-Tech Security Solutions asked Keven Marier for more information.

Read more...
From data centre to edge, from one source
Issue 5 2020 , Editor's Choice
First Distribution (FD) is better known in South Africa as an ICT distributor with an enterprise focus. Its offerings in this regard range from client solutions through to hosted solutions, data centre ...

Read more...
Paxton launches access and video management
Issue 5 2020, Paxton Access , Editor's Choice
Paxton’s next-generation access control and video management system, Paxton10, officially launched in South Africa on 2 July 2020. Paxton10 is the next step in complete security solutions and combines ...

Read more...
The evolution of security in residential estates
Residential Estate Security Handbook 2020 , Editor's Choice, Integrated Solutions, Security Services & Risk Management
Two large estates discuss their security processes and the ever-expanding scope of responsibilities they need to fulfil.

Read more...
The COVID test for estate business continuity planning
Residential Estate Security Handbook 2020, Technews Publishing , Editor's Choice
Many estates were caught unaware when the COVID-19 pandemic and subsequent lockdown hit. Helderberg Village was ready for the challenge.

Read more...
Bang for your security buck(s)
Residential Estate Security Handbook 2020, Alwinco , Editor's Choice, Security Services & Risk Management
Hi-Tech Security Solutions asks how estates can maintain a good security posture in the time of the ever-shrinking budget.

Read more...
Local or remote management
Residential Estate Security Handbook 2020, Xone Integrated Security, Vox Telecom, Fidelity ADT , Editor's Choice
Hi-Tech Security Solutions asked three companies well versed in offering control room services – either remote, local, or both – what’s happening in the estate monitoring and/or management market.

Read more...
Residential Estate Security Conference 2020
Residential Estate Security Handbook 2020, Technews Publishing , Editor's Choice
Back in the old days when conferences that people attended in a single location were a thing, Hi-Tech Security Solutions held its Residential Estate Security Conference 2020 at the Durban Country Club.

Read more...