What If You Pay The Ransom … And Silence?

September 9, 2016 CyberCecurity Leave a comment

Trend Micro surveyed 300 UK businesses and found some interesting information. Likely if they surveyed US businesses, the results would be similar.

44 percent of the businesses have been infected with ransomware. That is almost half. It doesn’t say how big the attack was, but given the FBI is saying that they are getting 4,000 reports a day of ransomware attacks, that stat does not surprise me.

65 percent of those infected – two thirds – paid the ransom. If you need the data and don’t have good backups, for many forms of ransomware there really is no other option. For some ransomware attacks, there are ways to decrypt the data, but those are usually the older ones or ones where the attacker made a mistake in the design.

The ransoms ranged from around $700 to over $1,300.

The companies said that most of the time, they were given only 24 hours to pay up.

Organizations said they spent 33 hours, on average, fixing the attack. It is not clear whether this is a mix of those who paid the ransom and those who did not, but I am guessing it is.

Trend Micro has found 79 new ransomware FAMILIES so far this year, compared to 29 for all of last year.

66 percent refused to pay the ransom; 60 percent said they were able to recover the data from backups. Some said the data wasn’t that important.

The challenge, of course, with paying the ransom is that is does not come with a guarantee that you will get your data back and there are certainly reports of people paying the ransom – sometimes more than once – and not getting the data back in a readable form.

What this means, of course, is that you should prepare for a ransomware attack. There are two things to consider. First, do you have backups of everything you need to recover. Before you say yes, think about that. Do you have installation media and keys for all of your applications? Is data on users laptops backed up or only data on servers? Have the backups been test-restored? If you do, then it is a matter of time. That is the second question – how long will it take you to recover – whether that is a rebuild or restore – and can you live with the amount of downtime that you will have under those circumstances. If you cannot live with that much downtime, then you need to rethink your business continuity strategy.

At 4,000 attacks a day in the U.S., the odds of you being hit are relatively high.

As the Boy Scouts say – BE PREPARED!

Information for this post came from The Register.