When you experience a breach, time is crucial. Our 24/7 Security Operations Center responds immediately with precision to eliminate the threat and restore operations.
Your organization has cybersecurity weaknesses and vulnerabilities you don’t yet even know about. They need to be found and found immediately. If you don’t someone else will.
Data Backups Are More Effective Than Paying Ransom to Recover Data
Chris Swagler | May 29th, 2023
Because ransomware threat actors want to spend as little time as possible within companies’ systems, their encryption is shoddy and frequently corrupts their data. Restoring data after paying ransoms is often a more expensive task for companies than refusing to pay and operating from their own data backups. Threat actors can encrypt at an alarming speed and encrypt faster than companies can run directory listings. Ransomware threat operators can encrypt baldly, losing some of the data they subsequently attempt to sell back to companies. Restoring from corrupt data dumps by cybercriminals is difficult for companies, and that’s assuming the ransomware threat operators deliver all the data as promised. Many don’t. Instead, they use ransom payments to start a fresh round of negotiations regarding the price of further release. Here are some of the why data backups are more effective for companies than paying ransom to recover their data.
Why Data Backups Are More Effective
Because of such heinous villainy, only 4% of ransomware victims recover all their data. Only 61% of data is retrieved and victims’ companies are often disrupted for 25 days. The time can be decreased if companies create and practice ransomware recovery playbooks which can include having data backups. A blanket policy of paying or not paying ransoms is ineffective. Instead, it needs to be viewed as a business decision considering risks, including payments to offshore players, which could violate international sanctions and result in fines. There’s no guarantee that data will be restored after victims pay the ransom.
Additionally, ransomware groups tend to re-attack victims who paid once, making payments a last resort. The decision may not be the company’s. Cyber-risk insurers may decide that paying a ransom is less expensive than funding restoration and require payments. One ransomware operator even gave a victim the relevant section of their insurance policy to ensure any payments would be paid.
Securing funding to plan for a speedy post-ransomware recovery requires couching the risk in business terminology rather than IT. The topics most likely to loosen the purse strings are revenue protection, risk minimization, and cost control. Even though business leaders authorized enormous and speedy ransom payments, bypassing the denied investments that may have rendered them unnecessary. It’s recommended to have proper planning because ransomware threat operators have discovered one technique to speed up stalled payment negotiations by whacking their victims with DDoS attacks so they’re battling two fires at once and are prepared to pay to make one problem go away. Additionally, ransomware threat operators will double-dip by demanding payments from companies whose data they stole, then mind the data to locate new targets. Clients identified in a stolen data theft can be targeted with a suggestion that they notify suppliers that they want payments made to reduce the risk of data exposure. Immutable data backups and isolated recovery environments are a good combination of defenses.
The operators behind the ransomware are smart, vicious, inventive, and relentless, so they’ll find new and more nefarious ways to attack. That’s why it’s always important for companies to stay ahead of the latest threat landscape by regularly having data backups of their networks and keeping their data backups at off-site locations. At SpearTip, our certified engineers are working continuously at our 24/7/365 Security Operations Center monitoring companies’ data networks for potential ransomware and ready to respond to incidents at a moment’s notice. Our remediation services allow our engineers to restore companies’ operations, reclaim their networks by isolating ransomware, and recover their business-critical assets.
Our cybersecurity awareness training is designed to educate individuals and companies about best cybersecurity practices and to provide the knowledge and skills necessary to protect their systems and data from cyber threats. Our training covers topics such as password security, phishing scams, social engineering, malware, data protection, and network security. By providing cybersecurity awareness training, companies, and their employees can better understand the risks of the cyber landscape and develop impactful cybersecurity practices that can reduce the likelihood of cyberattacks. Cybersecurity awareness training is an essential component of any comprehensive strategy to protect sensitive information, such as personal data, financial information, or intellectual property, having data backups, and prevent data breaches, system downtime, and other negative consequences that can result from cyberattacks.
If your company is experiencing a breach, call our Security Operations Centers at 833.997.7327 to speak directly with an engineer.
View our articles that cover trending topics in cybersecurity with insights from our 24/7/365 Security Operations Center.
ShadowSpear Platform
Cybersecurity actors are working around the clock, shouldn’t your security team be too? Technology solutions and security controls fail for a number of reasons, poor deployment, improper implementation, or just no one monitoring the alerts.
ShadowSpear Demo
Experience ShadowSpear for yourself. Our lightweight, integrated solution will help you sleep easier at night and provide immediate confidence in your security posture.
