Only Half of Organizations that Pay Ransomware Operators Get Their Data Back

Ransomware, the prolific malware that locks down computer files until the victim pays to regain access, remains the fastest-growing cyber threat, targeting users from the regular Joe to entire corporate networks.

In its fifth annual Cyberthreat Defense Report, CyberEdge Group offers a mashup of perceptions from 1,200 IT security professionals in 17 countries and 19 industries. The key insight from this year’s report: Only half of ransomware victims who paid ransom to have their data decrypted actually got their data back.

By contrast, 87% of victims refused to pay ransom but got their data back anyway, either from backups or other means, such as specialized decryption tools.

“It’s like flipping a coin twice consecutively – once to determine if your organization will be victimized by ransomware, and then, if you decide to pay the ransom, flip it again to determine if you’ll get your data back,” reads the report.

Government agencies, law enforcement and security experts alike typically advise organizations that get breached to refuse to cooperate with the attackers – in the case of ransomware, to refrain from paying ransom for the decryption keys. Paying up encourages attackers to spread more ransomware and grow their legions, and it’s no guarantee the attackers will stick to their end of the bargain. In some cases, though, the data that’s been encrypted is so valuable that victims feel they have no choice but to flip that coin and hope for the best.

Small-to-midsize businesses (SMBs) are the preferred target by ransomware operators, due to weaker protection and greater willingness to pay up.

In a study conducted last year, Bitdefender showed that 45% of SMBs that paid to regain access to their data actually got the information back. Of those targeted, 65% were able to mitigate the attack by restoring from backup or through security software/practices. A quarter of those targeted couldn’t find a solution to address the ransomware attack and lost their data.

One of Bitdefender’s pro-tips for 2018 is to view a ransomware infection as a simple hard drive failure:

“Viewing ransomware as an imminent hard drive failure points toward the simplest measure you can take: Keep regular, offline backups of your important data,” says Bogdan Botezatu, senior e-threat analyst, Bitdefender. “This way, even if you get infected, you can always recover your important data, whether it’s photos of your cat or millions of dollars’ worth of intellectual property.”

Filip is an experienced writer with over a decade of practice in the technology realm. He has covered a wide range of topics in such industries as gaming, software, hardware, and security, and has worked in various B2B and B2C marketing roles.

This guest blog is part of a Channel Futures sponsorship.