Study: Few Get All Data Back After Ransomware Payment


  • July 30, 2021 | Author: Todd Hyten

A recent study from cybersecurity firm Sophos reported some surprising trends in the current wave of ransomware over the past year. In its “State of Ransomware 2021” report, the UK-based company surveyed 5,400 IT decision makers in 30 countries across the globe. 

According to respondents, only 8 percent of businesses that paid ransoms to get data back from cyberthieves retrieved all their data. Only 29 percent got half of their data back.

Those are sobering numbers. Given that many of those targeted by ransomware are repeatedly attacked, cyberthieves may hold onto some data for future payment demands. Among the businesses in the survey that paid a ransom, the average amount paid was $170,404; however, $10,000 was the most common payment. The highest amount paid among respondents was $3.2 million, and ten businesses paid more than $1 million.

Sophos’ recommendations include six best practices:
1. Assume your business will be hit and prepare accordingly.
2. Make backups and keep a copy of your data offline.
3. Use layered protection.
4. Use both human experts and anti-ransomware technology.
5. Don’t pay the ransom!
6. Have a recovery plan for malware.

Note the high importance of making backups and offline copies. Sophos mentions the 3-2-1 data policy standard, but it’s worth noting that there’s an even better version of that rule. As mentioned in this Arcserve executive briefing, the “old” 3-2-1 data storage rule has been updated to 3-2-1-1, with the extra “1” now standing for immutable storage (considered both offline and offsite because immutable data cannot be encrypted).

If you have clients interested in improved ransomware-protection practices, it may be important to introduce them to the advantages of immutable storage. Immutable data is stored in a write-once, read-many-times format, and because of this it cannot be encrypted by an attacker (and therefore there is no key to ransom). When immutable storage is paired with continuous data protection, snapshots of the data being backed up can be taken extremely frequently, ensuring a backup of data from within minutes (or even seconds) of an attack.

Regardless of which solution you provide your clients, the Sophos report underscores how important backups are for sidestepping the full effects of a ransomware attack. And as the data shows, ransom payments are not a solution.
[If you’re curious, a data protection solution that combines both immutability and continuous data protection is the 4400 OneXafe series of solutions from StorageCraft, an Arcserve company. Find out more about quick restores and data protection at the link above.]