In this week’s bulletin, Charlie discusses paying a ransom to retrieve your data and shares his research on how much data organisations have recovered in the past.
This afternoon, myself and one of the PlanB Consulting consultants, Jamie, were talking to a client about their forthcoming cyber exercise. This was the second cyber exercise they had undergone and they wanted to revisit the conversation on whether to pay a ransom or not. This got me thinking about if you pay the ransom, would you get all of your data back? I did an internet search and I thought this week I would share what I found.
- Firms with 1,000-plus employees are more likely to have recovered their data successfully (68% compared with 59% on average). This is in general rather than after paying a ransom.
- Two-thirds (66%) paid up and more than half (53%) paid ransoms on multiple occasions.
- Almost all organisations hit by ransomware in the last year (99%) now get some encrypted data back, up slightly from 96% last year.
- Backups are the #1 method used to restore data, used by 73% of organisations whose data was encrypted.
- At the same time, 46% reported that they paid the ransom to restore data.
- Overall, almost half (44%) of the respondents whose organisation’s data had been encrypted used multiple methods to restore data.
- While paying the ransom almost always gets you some data back, the percentage of data restored after paying has dropped. On average, organisations that paid got back only 61% of their data, down from 65% in 2020. Similarly, only 4% of those that paid the ransom got ALL of their data back in 2021, down from 8% in 2020.
- On average, organisations were only able to recover 64% of their data ― meaning that over 1/3 of data is typically unrecoverable, according to 1,376 unbiased organisations surveyed.
- A new survey has shown that a massive 97% of business leaders who’ve experienced a ransomware attack in the past would pay up quickly if they were attacked again.
I thought when I did my internet research there would be multiple instances and different versions of the amount of data you would get back, but there was limited research so most articles and blogs quoted the Sophos report. So, the bottom line is, if you pay a ransom on average, you will get back 61% of your data. Only 4% got back all of their data. This calculation needs to be factored into your considerations when deciding whether you pay a ransom or not.