IT Briefcase Exclusive Interview: Only One-Quarter Who Pay Ransomware Fees Get Their Data Back

In this discussion with Linus Chang, Co-Founder and CEO of BackupAssist, we learn why the strategy of planning to pay the ransom in the wake of a ransomware attack is misguided.

• Q: Let’s start with some basics about ransomware. Is it only larger businesses that need to be worried about this type of cybercrime?

A: Actually that’s a misconception because ransomware poses a serious threat to all sizes of businesses worldwide. And many businesses have become victims of ransomware attacks over the last few years. Security firm SentinelOne’s Global Ransomware Study showed that this year we are approaching six in ten (56%) surveyed decision makers from IT and risk, fraud or compliance functions report that their organization has suffered a ransomware attack in the last 12 months, compared to under half (46%) who said the same in 2016.

• Q: Some businesses that don’t have a reliable ransomware solution in place figure that if they’re hit by a ransomware attack, they’ll just hand over the ransom fee. Is that a viable strategy?

A: I understand why businesses can feel desperate when hit by ransomware—because of the malicious nature of this malware, once your system is infected, you are denied access to your files and apps, presumably until you pay the ransom. But in a word, the answer to your question is no—just paying the fee is not a smart solution.

Here’s why: when enterprises choose to pay a ransom fee, their hope is that they’ll get their data back in exchange for the money. But research proves that a hopeful belief in good faith isn’t warranted when it comes to dealing with ransomware hackers. Studies show that if your business is hit by ransomware and you decide to pay the requested ransom, there’s a three in four chance—74 percent, to be exact—that you either won’t recover your data, or that you will be victimized in a further way – through repeated attacks or through release of confidential information. So you might end up forking over a sizeable chunk of change for nothing.

• Q: Tell me more about this study and its key findings on ransomware.

A: This is actually brand-new 2018 research from security firm SentinelOne’s Global Ransomware Study. One bottom-line finding was that for businesses struck by ransomware, it’s simply not worth paying the ransom. The reasons are that not only are you unlikely to retrieve your data, but also companies that do pay are targeted for future attacks. Two of the most eye-opening stats are these:

– 45 percent of U.S. organizations that experienced ransomware attacks in 2017 decided to pay the ransom fee. But when they did so, as mentioned, only about a quarter of them got their files unlocked and were left alone.

– 73 percent of the firms that paid the ransom became sitting ducks for ransomware hackers, as they were subsequently attacked more than once. It’s easy to see the cyber-crook’s rationale here—if you’re willing to pay the first time, you become a prime target for a repeat performance.

• Q: Did the report address who in the company generally ends up paying the ransom?

A: Yes, the study found, quite surprisingly, that 44% of the time, employees were often the ones who decided to pay the ransom without consulting the company’s I.T. professionals about it—they just felt stuck and wanted to try to solve the problem, which ended up backfiring on the vast majority of them.

• Q: What about regional differences in ransom fees paid?

A: It turns out that the United States tops the global list of ransomware victims when it comes to the amount shelled out. U.S. companies currently pay higher ransom fees than any other region worldwide, averaging $57,088—almost $8K more than the global average of $49,060.

• Q: Are there additional costs for companies that don’t properly handle ransomware attacks?

A: Yes, the consequences are very steep and go beyond the upfront price of the ransom. While the dollar figures I just mentioned are certainly intimidating, these pale in comparison to the big-picture damages. Across all the companies surveyed, the average business cost from a single ransomware attack—which includes work loss and time spent responding to the crisis—is more than $900,000 on average. And don’t forget about the hidden costs and collateral damage inherent in losing critical business data like private client details. A larger ransomware attack can shut down many businesses, even larger ones.

• Q: How do these attacks succeed? Did the study shine any light on that?

A: According to the report, 56% reported that the root cause was that an employee was careless. More than half of the organizations surveyed—53 percent—pointed to ineffective antivirus protection as the problem, since these solutions failed to prevent the attack. This is a fair point and one piece of the puzzle, but it doesn’t fully address the wider nature of the problem. Ransomware hackers are becoming savvier and more powerful, constantly refining their malware to enable it to bypass even the best antiviral software. Because of this growing reality, it’s foolish for IT professionals to rely solely on AV solutions as their first and last line of defense.

• Q: What other types of solutions are more effective against ransomware?

A: Let me be clear that it’s not that I’m against antivirus strategies—they’re an important component of data protection when it comes to defending against malware. But the best approach to really go head-to-head against ransomware in the most effective way is to employ a multi-pronged approach. By that I mean combining solutions like AV protection, firewalls, and backup software so that they all work together and combine their strengths. BackupAssist’s CryptoSafeGuard solution is an example of an effective multi-pronged solution—via protection, detection, and response functionality—that can safeguard a company’s backups against ransomware.

• Q: What’s the importance of protecting backups in particular?

A: Some ransomware can spread across connected machines and potentially disable your system completely, meaning infected machines often need to be recovered from a backup. Backups must be protected against ransomware because they’re your last line of defense. Once they’re infected, you have nowhere else to turn. It is therefore critical that your backups are not infected, which is why CryptoSafeGuard is such an invaluable tool.

The thing is that ransomware has a major weakness. If a company has clean backups on hand that haven’t been compromised by the attack, then you can wipe the infected system and restore the business’s data without paying the ransom. Ransomware hackers aren’t dumb, though. They’re always looking for ways to encrypt your backups and render them useless. That’s why you need a multi-point strategy. If you use CryptoSafeGuard as your protective solution rather than just hoping (irrationally, according to SentinelOne’s study) that paying the ransom will restore your files, then you’ll have the assurance that even if ransomware infects your system, your backups won’t be compromised. This solution ensures that your data stays clean and safe for easy recovery.

• Q: How exactly does CryptoSafeGuard work?

A: In a nutshell, the solution contains two key features designed to offer comprehensive ransomware protection for backups: the CryptoSafeGuard Detector and the CryptoSafeGuard Shield. So first it detects threats by scanning and locating the effects of ransomware activities in source files intended for backup. Then it responds by immediately alerting IT via SMS and email, and blocking all backup jobs from running.

• Q: How can companies learn more about BackupAssist and CryptoSafeGuard?

A: They can visit our website at https://www.backupassist.com.

Linus Chang, Founder and CEO, BackupAssist and Scram Software 

Linus is a computer programmer and entrepreneur from Melbourne, Australia. Linus started programming computers aged seven. He spent his spare time coding up hobby projects and learning different programming languages, winning numerous awards and subsequently representing Australia in programming as a teenager. Shortly after graduating from Monash University (Melbourne, Australia), he ventured into business and entrepreneurship. Linus is also known for creating the BackupAssist product, which has sold over 100,000 copies to the Small to Medium Business (SMB) market in 145 countries. Linus has a passion for creating mass market software products that solves real world problems and makes people’s lives better. Linus founded Scram Software to address the security issues faced by businesses when using the cloud.