Companies that encounter a ransomware attack might be enticed to pay the ransom demand to minimize downtime and expenses on recovery, however a Sophos survey indicates companies that pay the ransom in reality turn out paying a lot more than those that retrieve their files through backups.
The FBI doesn’t advise paying a ransom because doing this gives attackers cash to allow them to do much more attacks on victims. Additionally, there’s no guarantee that the attackers will provide valid keys for decrypting data. The elevated cost could now be included with the listing of reasons for not paying.
The market research company Vanson Bourne conducted the survey from January to February 2020 on around 5,000 IT decision makers at organizations with 100 – 5,000 workers through 26 countries which include Canada, the United States and the United Kingdom.
51% of the surveyed respondents stated they had encountered a ransomware attack in the last year, 73% stated that the attack involved data encryption. 26% of the attacked companies paid off the ransom demand while 73% didn’t. 56% of companies stated they actually retrieved their files using backups. Of all the companies that paid for the ransom, 95% stated they had recovered their data. 1% of companies that paid the attackers reported they failed to get back their information.
84% of businesses stated they got a cyber insurance policy, however only 64% mentioned that policy took care of ransomware attacks. Of the 64% that had insurance coverage for ransomware attacks, 94% stated the insurance company paid for the ransom.
Victims of ransomware attacks were questioned to give an estimation cost of the attack, which includes downtime, personnel costs, machines costs, lost income, and other related costs. The average cost in instances where the company didn’t pay the ransom was $732,520. The cost paid by companies that paid the ransom was about two times that figure – $1,448,458.
The ransom payment should be covered, which is frequently substantial, and loads of the costs related with an attack must be covered even though the ransom is paid for. It might be an appealing choice to pay the ransom in order to be able to recover faster, however the actuality is recovery might not be reduced substantially even though paying the ransom. Quite often a standalone decryption key is necessary for every endpoint thus recovery will still be an very labor intensive procedure, which might not be clear-cut. It is furthermore not unusual for data to be damaged during the encryption and decryption.
The take home lesson is to make certain that you have the alternative of getting back files via backups, which means being sure several backups are created with one copy saved on an air-gapped device. Backups should be tested as well to ascertain that information wasn’t damaged and it’s possible to retrieve the file. You should then adhere to the FBI’s advice and not pay the ransom except if you are without another option.