As Apple gets caught up in an apparent $50 million ransomware extortion attempt by a significant cybercriminal gang, new research reveals just how unlikely it is that organizations will get all their data back if they pay up.
According to the Sophos State of Ransomware 2021 report, the number of organizations deciding to pay a ransom has risen to 32% in 2021 compared to 26% last year. Here's the thing, though: that same global survey discovered that only 8% of them got all their data back despite doing so. Nearly a third, 29%, couldn't recover more than half the encrypted data.
Even what appears to be some good news in the report, that the number of organizations whose data was encrypted by ransomware dropped from 73% in 2020 to 54% in 2021, is tempered by the new reality of ransom attack behavior.
"We've seen attackers move from larger scale, generic, automated attacks to more targeted attacks that include human hands-on-keyboard hacking," Chester Wisniewski, principal research scientist at Sophos, said. The potential for damage is, therefore, higher from these complex and highly targeted attacks. Attacks that include data exfiltration as the norm and publication or sale of that data as leverage. "Such attacks are harder to recover from," Wisniewski continued, "and we see this reflected in the survey in the doubling of overall remediation costs."
The Sophos research suggests that average ransomware recovery costs are now $1.85 million compared to $761,106 a year ago. While the ransoms themselves vary tremendously, based on the size of the victim organization and the value of the data stolen, Sophos found the average paid to be $170,404.
Ransomware is a business, a dirty, criminal business but one nonetheless. The gangs behind the attacks are well organized and used to the negotiation process, amenable to talking numbers.
The findings confirm the brutal truth that when it comes to ransomware, it doesn't pay to pay.
Full article on https://www.forbes.com/sites/daveywinder/2021/05/02/ransomware-reality-shock-92-who-pay-dont-get-their-data-back/?ss=cybersecurity&sh=6ab191d8e0c7