Date published: 2020-07-13

Don't pay Ransom to the Hackers

Paying ransomware does not guarantee your data back

According to European Union Agency for Law Enforcement Cooperation, better known as Europol, Ransomware is the biggest cyber threat on the Old Continent. After the attack, sophisticated code scans available documents and data - to encrypt them later on. The attacker can then ask for ransomware and blackmail the victim.

The number of companies and organisations experiencing these attacks is surprisingly high. According to global study CyberEdge, there has been an increase in effected organisations to 62 % in two years.

As a comparison, Flowmon Network has conducted a research last year in which third of respondents confessed to be affected by ransomware. The cloud users have not been exempted from the attacks either as 6 out of 10 successful ransomwares have been cloud attacks.

Why not to ask for more, when it goes well

It is worrying that due to high success attack rate, the ransomware amount is on ‘rapid rise’. Based on the research done by Atlas VPN organisation, year on year, this grows by 140 %; nowadays these equates to around 18,000 USD.

This can be explained by the increase in victims effected by the attacks who decide to pay. Whereas in 2018, according to Sophos survey, 38 % respondents confessed on paying the ransom in the last 12 months. Last year, it rose to 45 % and this year, the number is 57 %.

Although other research reports lower numbers, most victims decide to pay despite the advice against it. They are hoping to avoid shutdowns, costs associated with IT systems recovery or potential data loss.

Sometimes, the reason behind paying could be coming from Top management. Managers and entrepreneurs inclined to risk say that if they become the attack target, they will pay the ransom from backup security money, just to get the data back. Some hospitals and E&A Departments prefer to pay money even though they have backed up their data as it would take too long to recover the systems and would potentially interrupt the services.

To Pay or Not to Pay

This strategy is not always worth it. After the ransom is paid, either by Bitcoin or in a different way, only two thirds of organisations retrieve their lost data. Those refusing to pay, 85 % of respondents manage to get their data recovered.

Most non-payers’s successful data recovery could be due to sufficient backup data systems, so there is almost no motivation behind paying ransom.

Another bad news for those who are not afraid of ransomware attacks or consciously think they will ‘buy’ their encrypted data back, are at risk for repeated attack. One attack not only does not guarantee immunity, the future risk is much higher. Though, once hackers enter the system, they can leave ‘secret door’ to ensure re-entering again. Apparently, this has been confirmed to be happening.

Older research by Druva suggests and confirms that half of IT managers have experienced repeated ransomware attacks; and new research by Sophos reveals that this happens to most victims (sometimes twice a year). Companies and organisations, such as biggest European Hospital Operator Fresenius, logistic company Toll Group and tech company Pitney Bowes have all spoken publicly about the multiple attacks.

Lastly, it is important to realise that paying ransom is not helpful from a global perspective, as it increases hackers’ desire for more attacks.

What’s the recipe?

If we cannot rely on paying off the ransom, how can we protect ourselves against the vicious cyber threat? It is important to realise that ransomware gets into systems in all kinds of ways. Mostly via email with infected attachment, though Sophos shows that there is no ‘more prevalent’ vector of attack. Hackers are just testing out different techniques and if there is a loophole to be violated.

How the ransomware got into the organizationIncidents QtyIncidents %
Via a file download/email with malicious link74129%
Via remote attack on server54321%
Via email with malicious attachment40116%
Misconfigured public cloud instances2339%
Via our Remote Desktop Protocol (RDP)2219%
Via a supplier who works with our organization2189%
Via a USB/removable media device1727%
Don't know90%
How did the ransomware attack get into your organization? Question asked to respondents whose organization had been hit by ransomware in the last year. Base: 2,538 respondents. Source: A Sophos white paper May 2020

There is a call for a multilayered protection due to such attack diversity in infected systems.

Next on the list are training and education. According to Kaspersky research, around 37 % of employees do not know anything about ransomware despite being its victim. More than third of respondents expressed not knowing what to do if their personal data would be in stake and the employer would decide not to pay the ransom.