Ransomware operators want to spend as little time as possible within your systems, which means the encryption they use is shoddy and frequently corrupts your data.
As a result, paying ransoms is typically a more expensive chore than simply refusing to pay and working from our own backups.
That is the perspective of Richard Addiscott, a senior director analyst at Gartner.
"They encrypt at an extremely fast rate," he said on Monday at the firm's IT Infrastructure, Operations, and Cloud Strategies Conference 2023 in Sydney. "They encrypt faster than you can run a directory listing."
Therefore, ransomware creators use poor encryption techniques and end up losing some of the data they later try to sell you.
If ransomware operators deliver all the data they claim, Addiscott said, it is not simple to restore from corrupt data dumps delivered by criminals. Many people don't; instead, they start a new round of discussions regarding the cost of more releases by demanding a ransom.
According to him, just 4% of ransomware victims actually manage to get all of their data back. Only 61 percent actually retrieve any data. Additionally, the average disruption to a victim's business is 25 days.
Addiscott proposed that organisations design and practise ransomware recovery playbooks to shorten the period.
Securing funding to prepare for a speedy post-ransomware recovery requires couching the risk in business terms rather than IT terms.
According to Addiscott, the themes that are likely to release the purse strings are revenue protection, risk reduction, and cost control. Although he shook his head as he recalled instances when business leaders authorised enormous and speedy ransom payments that dwarfed the denied investments that may have rendered them unnecessary.
He advised good preparation because ransomware crooks have figured out one technique to speed up stalled payment negotiations: whacking their victims with a DDoS attack, so they're battling two fires at once, and are thus willing to pay to make at least one problem go away.
Ransomware operators also like to double-dip by demanding payment from the organisations whose data they have stolen, then mining the data to locate new targets. Addiscott mentioned an attack on a healthcare provider in which clients were confronted with a payment demand or their medical records will be revealed.
Customers identified in a stolen data heist may be targeted with the suggestion that they notify suppliers that they want payments made in order to reduce the risk of their data being disclosed.
Immutable backups and an isolated recovery environment, according to Addiscott, are a good combination of defences.
However, he also stated that the people behind ransomware are brilliant, vicious, inventive, and relentless, so they will find new and even more nefarious ways to strike.
The analyst did have one piece of good news: there would be a 21% decrease in ransomware attacks in 2022 compared to 2021. He hypothesised that the decline was caused by sanctions making it more difficult for Russian-based ransomware groups to operate.
