Ransomware victims pay, but scammers want more


Many organizations that fall victim to ransomware attacks end up paying a ransom multiple times, as cybercriminals exploit security vulnerabilities to extort the maximum amount of money from their victims.

According to an analysis by cybersecurity researchers at Proofpoint, 58% of organizations infected with ransomware paid a ransom to cybercriminals to get the decryption key. And in many cases, they paid more than once.

Law enforcement and cybersecurity experts advise organizations against paying ransoms: not only is there no guarantee that the provided key will work, but giving in to ransom demands only encourages further ransomware attacks. In effect, it shows cybercriminals that the attacks are working.

Twice rather than once

Of those who paid the ransom, just over half (54%) regained access to data and systems after the first payment. But another third of ransomware victims ended up paying an additional ransom before receiving the decryption key, while 10% also received additional ransom notes but refused to pay, and were left without their data.

In 4% of cases, organizations paid one or more ransoms but still couldn’t recover their data, either because the decryption key was faulty or because the cybercriminals simply took the money and fled.

When organizations fall victim to a ransomware attack, the crooks have often been inside the network for weeks or months beforehand. This means that even if the ransom is paid, the attackers still have the access and permissions they need to come back and launch another attack.

“I don’t think a lot of organizations are aware of the fact that if the criminals have been in your infrastructure for eight weeks, you don’t know what else they stole,” says Adenike Cosgrove, cybersecurity strategist at Proofpoint.

Stolen data is commonly used as additional leverage in ransomware attacks, as cybercriminals threaten to release it if they don’t receive a ransom payment. While this forces some victims to pay, there is no guarantee that cybercriminals will not come back later with new threats of publishing the stolen data.

“The first round is ‘give me a ransom so I can give you the decryption key.’ The second is ‘give me a ransom or I’ll put this data on the dark web’,” she explains.

“The third can be ‘give me a ransom or I’ll talk to the media about this data leak you have and tell regulators you didn’t tell customers their privacy was affected’,” she adds.

Prevention is better than cure

The best way to deal with ransomware attacks is to prevent them from happening.

According to Proofpoint, 75% of ransomware attacks begin with phishing, which cybercriminals use to steal usernames and passwords or to plant remote access Trojans and gain a foothold in the network.

Early detection of suspicious activity can therefore prevent a large-scale ransomware attack.

“We assume that a ransomware attack is the start of an incident, but in reality, the incident began weeks ago,” says the strategist.

Training users to identify and report suspicious emails can help organizations detect ransomware and other malware attacks early.

Enabling two-factor authentication can also be a significant barrier to phishing attacks aimed at stealing usernames and passwords, because without access to the second authentication factor it is much more difficult for cybercriminals to exploit compromised login credentials.

Source: ZDNet.com




