Slashdot Mirror

← Back to Stories (view on slashdot.org)

Half of Ransomware Victims Didn't Recover Their Data After Paying the Ransom (bleepingcomputer.com)

Posted by msmash on from the tough-luck dept.

An anonymous reader shares a report: A massive survey of nearly 1,200 IT security practitioners and decision makers across 17 countries reveals that half the people who fell victim to ransomware infections last year were able to recover their files after paying the ransom demand. The survey, carried out by research and marketing firm CyberEdge Group, reveals that paying the ransom demand, even if for desperate reasons, does not guarantee that victims will regain access to their files. Timely backups are still the most efficient defense against possible ransomware infections, as it allows easy recovery. The survey reveals that 55% of all responders suffered a ransomware infection in 2017, compared to the previous year's study, when 61% experienced similar incidents. Of all the victims who suffered ransomware infections, CyberEdge discovered that 61.3% opted not to pay the ransom at all. Some lost files for good (8%), while the rest (53.3%) managed to recover files, either from backups or by using ransomware decrypter applications. Of the 38.7% who opted to pay the ransom, a little less than half (19.1%) recovered their files using the tools provided by the ransomware authors.

9 of 58 comments (clear)

  1. obCasablanca by cascadingstylesheet · · Score: 5, Funny

    I am shocked, shocked that paying ransom to criminals does not always result in getting what I paid for!

    1. Re:obCasablanca by Anonymous Coward · · Score: 2, Insightful

      Ransomware criminals shouldn't shit where they drink. By failing to unlock the files, they decrease the chance future victims will be willing to pay. Unfortunately for the criminals there are any number of other criminals out there who don't follow this simple rule. They don't unlock because they don't care, they're only in it for the short term, or they failed to implement unique wallets per victim to verify who's paid them and who's only claiming to have done so.

      None of this is terribly surprising; it's the nature of the beast. The numbers are at least interesting however.

    2. Re:obCasablanca by omnichad · · Score: 4, Interesting

      By failing to unlock the files, they decrease the chance future victims will be willing to pay.

      Let's all be happy about it. It keeps more people from paying. I've always wondered if these non-successful recoveries were due to black hats trying to teach the public at large to stop paying ransoms. It also helps spread the message that there is no substitute for backups.

    3. Re:obCasablanca by DigiShaman · · Score: 2

      What's to cherry pick? It was said, ****at a cyber security summit....in front of people****. Ok, maybe not all the quotes, but even if just one in person, it's totally irresponsible! It simply isn't a defensible position to take.

      If it was me that said that in the private sector, i'd lose 100% of credibility among my peers that work in information security.

      --
      Life is not for the lazy.
  2. Re:Well by omnichad · · Score: 2

    If you are someone who needs the information on your hard drive, you are probably the type of person that protects your data and makes backups.

    It's funny how you believe that.

  3. Re:The moral of the story is ... by geekmux · · Score: 2

    With great customer services.

    I can see the ransomware surveys now...

    "Thank you for your payment. We strive to be the best when it comes to timely decryption of your data. If you could please fill out this short survey and rate our performance today, we would greatly appreciate it."

  4. Re:but half did get their data.. by gnick · · Score: 3, Funny

    If there's only a 50% chance I'll get my data back, I should only have to pay 50% of the ransom.

    I paid double the ransom so I have a credit ready for next time.

    --
    He's getting rather old, but he's a good mouse.
  5. The bottom line... by jcr · · Score: 4, Insightful

    If you need to keep your data, 1) don't use any Microsoft products, and 2) keep backups.

    -jcr

    --
    The only title of honor that a tyrant can grant is "Enemy of the State."
    1. Re:The bottom line... by Anonymous Coward · · Score: 2, Informative

      https://blog.trendmicro.com/trendlabs-security-intelligence/erebus-resurfaces-as-linux-ransomware/