Do Ransomware Gangs Restore Data, Even After They're Paid?

Ransomware Gangs Restore Data After Theyre PaidOnly 8% of ransomware victims get all of their data back after paying the ransom, according to researchers at Sophos. The researchers found that, on average, victims who pay the ransom recover about 65% of their data, while 29% of respondents said they recovered less than 50% of their data.

The researchers also found that the average cost of recovering from a ransomware attack has risen by more than $1 million compared to last year, even if the victim pays the ransom.

“Paying the ransom is just part of the cost of remediating an attack,” Sophos says. “While both the number of ransomware attacks and the percentage of attacks where adversaries succeed in encrypting data has declined since last year, the overall cost of remediating a ransomware attack has increased. Respondents reported that the average cost to rectify the impacts of the most recent ransomware attack (considering downtime, people time, device cost, network cost, lost opportunity, ransom paid etc.) was US$1.85 million, more than double the US$761,106 cost reported last year.”

The researchers suspect the rise in costs is due to the increasing sophistication of ransomware attacks.

“In the last year, Sophos ransomware experts have seen a considerable increase in advanced ransomware attacks that combine automation with hands-on human hacking,” they write. “These complex attacks require more complex recovery processes, and this may be a key factor behind the overall increase in ransomware recovery costs. “

The researchers note that preparation can have a visible impact on ransomware defense, pointing to Israel as an example.

“Israel is among the countries with the lowest overall ransomware remediation costs despite being a developed economy,” Sophos says. “For geopolitical reasons, Israel is a major target for cyberattacks (not just ransomware), resulting in very high levels of cyber defenses, preparedness, and remediation expertise across the country. These combine to lower the financial impact of an attack.”

Better not to rely on a social contract with criminals. Help your people learn how to spit the phish hook before it’s set. New-school security awareness training can give your organization an essential layer of defense against ransomware by teaching your employees how to recognize phishing emails.

Sophos has the story.

Free Ransomware Simulator Tool

Threat actors are constantly coming out with new strains to evade detection. Is your network effective in blocking all of them when employees fall for social engineering attacks?

KnowBe4’s "RanSim" gives you a quick look at the effectiveness of your existing network protection. RanSim will simulate 24 ransomware infection scenarios and 1 cryptomining infection scenario and show you if a workstation is vulnerable.

RansIm-Monitor3Here's how it works:

  • 100% harmless simulation of real ransomware and cryptomining infections
  • Does not use any of your own files
  • Tests 25 types of infection scenarios
  • Just download the install and run it 
  • Results in a few minutes!

Get RanSim!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews