Paying Cybercriminals A Ransom Will Double Your Recovery Costs

Uploaded on 2020-05-20 in NEWS-News Analysis, FREE TO VIEW, BUSINESS-Services-Financial, TECHNOLOGY--Resilience

Paying those cyber criminals any ransom to recover your data adds over half a million dollars to the cost of organisational recovery, say the experts at the leading advanced threat protection firm Sophos.
 
They commissioned an independent survey of 5,000 IT managers across 26 countries. The findings provide brand new insight into what actually happens once ransomware hits.  It reveals the percentage of attacks that successfully encrypt data; how many victims pay the ransom; how paying the ransom impacts the overall clean-up costs; and the role of cyber security insurance. 
 
The survey was conducted during January and February 2020 and respondents came from 26 countries across six continents. Cyber ransomware victims who take the difficult decision to pay cyber criminals to prevent their data from being leaked or to regain control of their systems double the costs of recovering from the initial attack, according to statistics gathered by Vanson Bourne on behalf of Sophos.
 
In its latest annual State of Ransomware report, which has just been released, Sophos reported that the average cost of recovery from a ransomware attack clocked in at £588,000 for victims that don’t cough up, but £1.1m for those that choose to pay. Across the survey sample, 5,000 IT decision-makers in 26 countries in the Americas, Asia-Pacific and central Asia, and Europe, the Middle East and Africa, Sophos found that 27% of organisations hit by ransomware admitted paying up.
 
The survey also found that 51% of organisations had experienced a significant ransomware attack in the past 12 months, down from 54% in 2017, with data encrypted in 72% of successful attacks. 
 
2020 Ransomware Reality
The survey provides fresh new insight into the experiences of organisations hit by ransomware, including:
  • Almost three quarters of ransomware attacks result in the data being encrypted. 51% of organisations were hit by ransomware in the last year. The criminals succeeded in encrypting the data in 73% of these attacks.
  • 26% of victims whose data was encrypted got their data back by paying the ransom. A further 1% paid the ransom but didn’t get their data back. Overall, 95% of organisations that paid the ransom had their data restored.
  • 94% of organisations whose data was encrypted got it back.
  • More than twice as many got it back via backups (56%) than by paying the ransom (26%).
  • • Paying the ransom doubles the cost of dealing with a ransomware attack. The average cost to rectify the impacts of the most recent ransomware attack (considering downtime, people time, device cost, network cost, lost opportunity, ransom paid etc.) is US$732,520 for organisations that don’t pay the ransom, rising to US$1,448,458 for organisations that do pay.
  • Despite the headlines, the public sector is less affected by ransomware than the private. 45% of public sector organisations were hit by ransomware last year, compared to a global average of 51%, and a high of 60% in the media, leisure, and entertainment industries.
  • One in five organisations has a major hole in their cybersecurity insurance. 84% of respondents have cyber security insurance, but only 64% have insurance that covers ransomware.
  • Cyber security insurance pays the ransom. For those organisations that have insurance against ransomware, 94% of the time when the ransom is paid to get the data back, it’s the insurance company that pays.
  • Most successful ransomware attacks include data in the public cloud. 59% of attacks where the data was encrypted involved data in the public cloud. While it’s likely that respondents took a broad interpretation of public cloud, including cloud-based services such as Google Drive and Dropbox and cloud backup such as Veeam, it’s clear that cyber criminals are targeting data wherever it stored.
“Organisations may feel intense pressure to pay the ransom to avoid damaging downtime. On the face of it, paying the ransom appears to be an effective way of getting data restored, but this is illusory,” said Sophos principal research scientist Chester Wisniewski.
 
Sophos found that  56% of the sample group said they had been able to recover their data from backups without paying the ransom, but of those which did pay, only about 1% got none of their data back, rising to 5% of public sector  organisations.
 
Contrary to popular belief, the public sector was less affected by ransomware than many others, with attacks reported by 45% of organisations in that category, compared with 60% of media, leisure and entertainment businesses, according to Sophos. 
 
Given that  51% of organisations experienced ransomware in the last year and with average remediation costs of US$761,106, organisations should question the value of insurance that excludes ransomware. 
 
Notable in the survey data is that there is no single main attack vector. Rather, attackers are using a range of techniques and whichever defense has a weakness is how they get in. When one technique fails they move on to the next, until they find a weak spot. 
 
This data demonstrates the need for an effective layered defense that covers your endpoints, servers, public cloud instances, email, network gateway, and supply chain. Just focusing on a single technology is a recipe for infection. 
 
Recommendations 
The survey has confirmed that ransomware remains a very real threat for organisations today. It’s also provided insight into how to minimise your risk of being held hostage: 
  •  Start with the assumption that you will be hit. Ransomware it doesn’t discriminate: every organisation is a target, regardless of size, sector, or geography. Plan your cybersecurity strategy based on the assumption that you will get hit by an attack. 
  •  Invest in anti-ransomware technology to stop unauthorised encryption. 24% of survey respondents that were hit by ransomware were able to stop the attack before the data could be encrypted. 
  •  Protect data wherever it’s held. Almost six in 10 ransomware attacks that successfully encrypted data include data in the public cloud. Your strategy should include protecting data in the public cloud, private cloud, and on premises. 
  • Make regular backups and store offsite and offline. 56% of organisations whose data was encrypted restored their data using backups last year. Using backups to restore your data considerably lowers the costs of dealing with the attack compared with paying the ransom. 
  • Ensure your cyber insurance covers ransomware. Make sure that you’re fully covered if the worst does happen. 
  • Deploy a layered defense. Ransomware actors use a wide range of techniques to get around your defenses; when one is blocked, they move on to the next one until they find the chink in your armor. You need to defend against all vectors of attack. 
Sophos Intercept X Endpoint offers advanced protection technologies that help your organisation to disrupt the whole attack chain. 
 
In the words of Chester Wisniewski, “Sophos’s findings show that paying the ransom makes little difference to the recovery burden in terms of time and cost. This could be because it is unlikely that a single magical decryption key is all that’s needed to recover. Often, the attackers may share several keys, and using them to restore data may be a complex and time-consuming affair.”
 
Sophos:     Sophos:         Computer Weekly:       Search Security:       
 
You Might Also Read: 
 
New Ransomware Formats Double:
 
 
 
 
 
« Employees Lack Cyber Protection In Lockdown
German Government Hit By Russian Hackers »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Information Commissioner's Office (ICO)

Information Commissioner's Office (ICO)

The Information Commissioner's Office is an independent authority set up to uphold information rights in the public interest.

Zurich

Zurich

Zurich’s Security and Privacy policy is designed to manage financial and reputational costs as a result of a breach of network security or unauthorized access or release of private information.

Redcentric

Redcentric

Redcentric is a leading UK IT managed services provider. We deliver managed IT, cloud computing, data backup, information security services and managed networks.

Arsenal Insurance Company

Arsenal Insurance Company

Arsenal is an insurance provider based in Moscow, Russia. Services offered include Cyber Risk insurance.

CyberPilot

CyberPilot

CyberPilot ApS is a Danish cybersecurity company. We work with all types of companies and organisations, both large and small, who want to achieve effective cybersecurity.

CSL Group

CSL Group

CSL solutions provide complete end-to-end connectivity services for Security, Fire, Telecare and other mission critical M2M/IoT applications.

BEAM Teknoloji

BEAM Teknoloji

BEAM Technology is an independent Software Quality and Security Testing Center in Turkey.

Pipeline Security

Pipeline Security

Pipeline Security protects businesses with real-time threat data, threat detection & prevention, continuous cyber security monitoring and security analytics.

Beazley

Beazley

Beazley are a specialist insurer with three decades of experience in providing clients with the highest standards of underwriting and claims service worldwide.

Bace Cybersecurity Institute (BCI)

Bace Cybersecurity Institute (BCI)

Bace Cybersecurity Institute focuses on understanding, empowering and taking action across four critical areas driving continual improvement toward a safer, more secure cyber world.

Plexal

Plexal

Plexal is East London's innovation centre and co-working space. We offer startups flexible memberships, giving them access to office space plus all the benefits and support they need to scale.

VIRTIS

VIRTIS

VIRTIS' mission is to provide today's leading organizations peace of mind that their entire digital network perimeter is safe from hackers and data breach.

CerraCap Ventures

CerraCap Ventures

CerraCap Ventures invest globally into early-stage B2B companies in Healthcare, Enterprise AI and Cyber Security.

iSTORM

iSTORM

iStorm specialise in supporting organisations who require a range of Privacy, Security and Penetration testing related services.

Plante Moran

Plante Moran

Plante Moran is a leading audit, tax, consulting, and wealth management firm. Areas of consulting expertise include cybersecurity.

Splashtop

Splashtop

Splashtop’s cloud-based, secure, and easily managed remote access solution is increasingly replacing legacy approaches such as virtual private networks.