Ransomware Special Reports


Special Report

involved in paying, the prospect of being handed a decryption key to recover data quickly is tempting for many firms. More than 80% of British companies that have suffered a ransomware attack paid their attackers, a 2022 Proofpoint study found. Smaller firms pay too: around 20% of mid-market businesses end up paying ransoms, according to Code Red's report The State of the UK's Cyber Security Response, with the average pay-out standing at £144,000.

“It rarely hurts [to pay],” opines Grimes. He adds that, depending on the time and the survey, the average percentage of victims who pay the ransom varies from 10% to over 60%, with the median being about 40% to 60%. To all the groups who say it never pays to pay, Grimes counters: why do the cyber security insurance companies always pay? “Insurance companies know what it costs if you pay or don't pay the ransom, and every insurance company will pay the ransom if they are reassured that paying the ransom will result in the victim getting the decryption keys and those decryption keys and programs working.”

So, while the received wisdom is not to pay out, there are several factors that could push an organisation into paying a ransom. The financial impact of not paying and recovering systems over a long period of time could be greater than paying up and hoping that the keys will be handed over. If cyber criminals have hit both the live data and the cold data backups (although these backups should always be segmented), then an organisation may have no choice but to pay if it wants to recover its systems and carry on with its functions.

“Typically, organisations must decide whether to pay out on a case-by-case basis. And it often comes down to limiting the reputational and financial damage of a breach, while carefully considering the ethical and legal implications that come with paying a demand,” says Richard Walters, CTO of Censornet.

Double extortion

Here's the rub: firms that do choose to pay are advised to ramp up security. The business has just caved to the demands of criminals and is now an open target for a second or even a third hit.

“The very act of paying an initial ransom suggests to ransomware groups that the victim may be more open to paying a second or third time when presented with the threat of double extortion, in which data is published or sold online, and triple extortion, in which anyone affected by the data stolen is threatened individually with its publication,” warns James Tamblin, UK president of BlueVoyant.

Steven Furnell, a professor in cyber security at the University of Nottingham, cited recent evidence suggesting that 80% of victims that paid a ransom were hit a second time, often while still recovering from the initial attack and still in a vulnerable position.

Despite these statistics, other experts dispute the idea that double and triple extortion is common. “Organisations spend an incredible number of resources recovering from incidents, often hiring one or many third-party companies to ensure the incident at hand is remedied, illegitimate access is denied, and steps are taken to prevent similar or worse

Danielle Jablanski, OT cyber security strategist at Nozomi Networks

$160,000 bill for failed security measures

Solutions provider Network Coverage told us of a construction management company (which, again, could not be named) that suffered a breach compromising workstations and backups. The company's ability to function at capacity was compromised, leaving 30 employees unable to work for 10 days while its data was held to ransom. The company's disaster recovery provider was unable to prevent the attack. The firm also had no backup of its data. The attack led to over $100,000 lost in productivity and business. The company was forced to pay the $60,000 ransom. In the aftermath, Network Coverage helped the firm recover its data and put security measures in place to bolster its client's business. It also implemented a secure, automated, reliable backup system to prevent data loss and protect against the impact of future threats.

Richard Walters, CTO of Censornet

techinformed.com
