As ransomware continues to grow as a threat, the continuing question is – should companies pay the ransom? One group has been actively trying to convince companies not to pay.
Ransomware recovery for free
Millions of ransomware victims have been able to recover their files for free thanks to a project called “No More Ransom.”
The project is an online portal created in 2016 by a public-private partnership between Europol, the Dutch National Police and IT security companies Kaspersky and McAfee.
It is in its sixth year of operation, and now has 188 partners around the world. It offers over 100 free decryption tools, and the project website states that over 10 million people have downloaded their decryption tools over the past 6 years.
The site features a number of tools, some Q&A help with ransomware, and a tool called Crypto Sheriff which allows you to post a copy of an encrypted file or some information about the hackers. Crypto Sheriff will try to identify a solution or decryptor for you as well as providing you with instructions on how to restore your files.
Even if no decryptor is available, it is advised to keep checking back as new decryptors are always being added to the site.
The site encourages companies to not pay ransoms, stating that “By sending your money to cybercriminals you’ll only confirm that ransomware works, and there’s no guarantee you’ll get the decryption key you need in return.”
30 terabytes of data stolen in ransomware attacks in first half of 2022
According to a report from the European Agency for Cybersecurity (ENISA) Threat Landscape for Ransomware Attacks, ransomware attackers stole of 30 terabytes of data in the first half of 2022.
The amount of data seems to be accelerating. In each of May and June, the agency reports that 10 terabytes of data were stolen. Fifty-eight per cent of the data stolen included employees’ personal data.
The report estimates that about 38 per cent of companies do not pay the ransom, while 62 per cent “either came to an agreement with the attackers or found another solution.”
The research covered over 600 ransomware incidents in Europe, the UK, and the United States.
Extortion bigger threat than encryption?
Data theft has become the predominant strategy for ransomware attacks, according to security company BlackFog. They reported that exfiltration or data theft was part of 88 per cent of ransomware attacks analyzed in their State of Ransomware July report.
The report also notes that education and government are still the prime areas for attacks, but the study notes that, for the first time, the technology sector has overtaken the manufacturing sector in terms of number of attacks. It notes that “attackers are still focused on sectors with the weakest protection and lowest investment in cybersecurity and aging infrastructure.”