The average cost of a ransomware payment in Q1 2020 was $178,254, according to a session at Gartner's Security & Risk Management Summit -- and that doesn't include downtime cost.
If a midsize company decides to pay after a ransomware attack, chances are it's not getting all of its encrypted data back, according to a session at this week's Gartner Security & Risk Management Summit.
"What we see is that about 4% of the data is non-recoverable," said Paul Furtado, a senior director and analyst of MSE security at Gartner. Furtado led the "Fighting Ransomware in Midsize Enterprises" session. "So that means, yes, you paid, and yes, you got a decryption key, but these bad actors don't care about what is happening to your data when they go through the encryption."
There may be other issues with data targeted by ransomware, as well: "Think of a database where somebody may have records open or a file in use," he said. "They're going to encrypt that data, even though it's not necessarily sitting at rest and may be sitting in transit. But the chances are when you go to decrypt it, it's corrupted."
Gartner identifies midsize enterprises as companies with between 100 and 1,000 employees, and with revenues between $50 million and $1 billion. Furtado notes that most midsize companies have an IT budget of less than $20 million and fewer than 30 people in their IT departments, and that more than 50% of such companies "don't even have a dedicated cybersecurity leader."
So, how can a company determine how to respond to a ransomware attack?
"The answer is: it depends!" Furtado said. "It really is unique to you, your ability to recover, the impact to the business. You need to decide if it's worthwhile paying to get that decryption key, or should you try to recover from backups and other tools you may have available."
He notes that law enforcement recommends that companies do not pay and that payment should be a last resort. If one does decide to pay, however, he explained that the average cost of a ransomware payment in Q1 2020 was $178,254 -- and the costs in downtime following the ransomware attack can be five to 10 times the actual ransom amount. That $178,254 figure represents a dramatic rise from a $5,593 average payment in Q3 2018. And as for the ransomware threat level, it increased by 148% in March over the previous month.
Full article on https://searchsecurity.techtarget.com/news/252489235/Gartner-Paying-after-ransomware-attacks-carries-big-risks