Sophos Double-Down The Ransom Cost

Date: 13-May-2020
Location: Kuala Lumpur

Organization:

Sophos, a global leader in next-generation cybersecurity.

Key Takeaways:

  • Global survey (The State of Ransomware 2020) shows the average cost of recovery is US$1.4 million if organizations pay the ransom, US$730,000 if they don’t.
  • More than half (58%) of organizations in Malaysia had experienced a ransomware attack in the previous 12 months.

Spokespersons:

  • Chester Wisniewski, principal research scientist, Sophos, said paying the ransom may not be the fastest way to resolve downtime because oftentimes attackers may use multiple decryption keys, which makes the data recovery process a complex and time-consuming affair.

Insights:

  • The survey polled 5,000 IT decision makers in organizations in 26 countries across six continents, including Europe, the Americas, Asia-Pacific and central Asia, the Middle East, and Africa.
  • Less than half (43%) of the IT managers surveyed in Malaysia were able to recover their data from backups without paying the ransom. In Malaysia, there were no instances where paying the ransom did not lead to the recovery of data.
  • SophosLabs researchers have published a new report, Maze Ransomware: Extorting Victims for 1 Year and Counting, which looks at the tools, techniques and procedures used by this advanced threat that combines data encryption with information theft and the threat of exposure. This approach, which Sophos researchers have also observed being adopted by other ransomware families, like LockBit, is designed to increase pressure on the victim to pay the ransom. The new Sophos report will help security professionals better understand and anticipate the evolving behaviors of ransomware attackers and protect their organizations.

Best Practices:

  • An effective backup system that enables organizations to restore encrypted data without paying the attackers is business critical, but there are other important elements to consider if a company is to be truly resilient to ransomware.
  • The way to address these malicious maneuvers is to keep backups offline, and use effective, multi-layered security solutions that detect and block attacks at different stages.
