Saturday, May 7, 2022

Another Reason Why Not To Pay That Cyber Ransom: There Is No ROI

 


I don’t know if I have been naïve lately or not, but I have been finding that the news regarding Russia and Ukraine is starting to dissipate somewhat from the headlines. Heck, even the Cyber headlines about being aware of Cyberattacks coming in from Russia have slowed down. Or maybe inflation and the raising of interest rates took over the headlines?

Well, whatever is happening out there, let’s have some good news next; we could all use some for sure. But when it comes to the Cyber world, at least not too much has changed there either, which I guess could be a positive.

The only thing I really keep seeing anything about is the number of Ransomware attacks that are happening, but by now, in a sad way, we are all getting used to it.

But I did come across a news headline late last week about how, although the attacks are still continuing, the total number of companies having the capability to recover their data is actually slowing down.

This could be for a number of reasons, such as the Cyberattacker not making good on its promise to send over the decryption keys, or the encryption algorithms that were used to scramble the data in the first place being so powerful that they cannot be broken.

Sophos, a leading Cybersecurity company, just came out with its recent report about the state of Ransomware attacks. The report is entitled “State of Ransomware 2022”. The report can be downloaded at this link:

https://www.sophos.com/en-us/whitepaper/state-of-ransomware

One of the key findings is that the total number of Ransomware attacks increased by at least 43% in 2021, which is not surprising.  IMHO, that was probably the year in which Ransomware groups truly made their mark. 

But on the downside, the report also found that the impacted companies simply could not recover the data that they lost. Another reason for this that needs to be included is that many companies in Corporate America, despite the lessons that have been learned from COVID-19, simply do not have the right data backup strategies and policies in place yet.

Here are some other noteworthy findings from the report:

*The total number of Ransomware as a Service incidents is growing at a very rapid pace. These are groups formed by professional Cyberattackers that have some of the stealthiest and most covert techniques on hand for launching devastating Ransomware attacks.

*The average cost of a ransom payment is now pegged at $812,000.00.

*So far, it has been the energy and manufacturing industries that have been amongst the hardest hit by Ransomware attacks. This is illustrated in the diagram below:

(SOURCE: https://www.darkreading.com/attacks-breaches/ransomware-crisis-deepens-data-recovery-stalls)

*On average, it took a business one month or even longer to recover from a Ransomware attack, at a cost of over $1.4 million.

Now comes the question: is it really even worth paying the ransom? The reason I say this is that victims are now facing much higher costs for recovery, including paying the ransom. If you factor all of this in based upon the numbers I have presented in this blog, the total cost could be well over $2.2 million. Consider these statistics, also from the Sophos Report:

*While 99% of the victims could recover some of their data, only 61% of them could recover those datasets that were encrypted.

*46% of the total respondents actually paid a ransom, and out of those, only 4% were able to make a full data recovery.

Possibly another reason why companies in Corporate America still don’t have the right backup strategies in place is that they have become lazy about it all, because they have a comprehensive Cyber Insurance Policy. But even here, things are starting to get tight. Getting a Cyber Insurance Policy is not the same as getting car insurance. Consider these stats:

*94% of the respondents have found that it is much more difficult to get a comprehensive plan;

*97% have had to increase the total amount of their security controls just so that they qualify as an applicant;

*Only 40% of the total number of Cyber policies actually paid for the ransom payment.

My Thoughts On This:

In the end, no matter how much we do to protect our businesses and the valuable data that resides in them, we are all prone to becoming a victim of Ransomware. So, the key here is how to mitigate the odds of that happening to you.

I have to be honest here, and I think that the best solution now is to simply move whatever you have On Prem to a Cloud-based solution.

I am sure that there will be a lot of resistance to this at first, because it can be very daunting and nebulous. But remember, you are not alone in this process. There are a ton of Cloud Service Providers (CSPs) that you can hire that can take care of the entire migration process for you.

Not only that, but you can also work with them in the long term in order to make sure that all is up to speed with your Cloud deployment.

Also, go with a very reputable Cloud provider, such as Microsoft Azure. They have all the tools you need to protect your datasets. Another reason why I say to use something like this is that redundancy is a quick and easy process here. For example, you can easily replicate your Cloud deployment across multiple data centers literally around the globe.

So in case you are hit, your failover will be very quick, without any disruptions. Also, by using the Cloud, any VMs that have been hit by a Ransomware attack can quite honestly be deleted and rebuilt in just a matter of five minutes or so.

So really, there is no reason anymore not to have a good data backup plan in place, when a business owner now has all of the tools and technologies available to them to make it happen.
