How is Ransomware Paid?
Paying a ransomware fee is not as easy as paying a bill, using a credit card, or using some form of normal currency. Attackers usually require their victims to pay by cryptocurrency to unlock encrypted data. Some victims deliver a payment to an attacker is through a ransomware payment service firm. These types of firms regularly negotiate fees and help get access to compromised systems restored.
What is the Average Ransom Payment?
In early 2019, research suggested that the average ransomware payment paid by a business was under $25,000. By early 2020, the average ransom paid exceeded $100,000. While there is no conclusive research as to why this number has increased so dramatically, the belief is that there are two major factors at play. First, attackers target larger organizations with more damaging attacks. Secondly, some attackers threaten to dump decrypted data on the Internet for failing to pay the ransom.
Should Ransomware Demands Be Paid?
While there is no absolute yes or no answer to this question, the security industry’s consensus is not to pay. Ransomware victims who do not pay a ransom generally report one-half of the total recovery costs vs. those that pay. Paying a ransom is also a cybercrime enabler. By paying for a decryptor, you are increasing an attacker’s capital and capacity to finance and execute more attacks against you and other unsuspecting targets. However, this is a complex decision where you should seek expert advice.
How Do You Usually Recover From a Ransomware Attack?
In most cases, you would not pay the demanded fee. The systems compromised by the attack would have to be wiped and restored from a backup. If you decided to pay for a decryptor, you would have to understand the variant of malware your unlocking, how well the unlock software performs, and if your system doesn’t have any residual risk after unlocking the system. In some cases, the decrypt process will corrupt files, and you will have to rebuild or restore a computer system from scratch.
How Do You Prevent A Successful Ransomware Attack?
The strategy to defend against a ransomware attack should not be any different from safeguarding your systems from any other malware type. It takes a layered approach to cover all the attack vectors available to threat actors. Decreasing the number of domains (by the millions) or temporarily delaying connectivity to where an end-user can download malicious code from the Internet is very important. While no service can ever guarantee to stop all ransomware attacks, utilizing the Securd Web Gateway and DNS Filter in your security strategy can reduce 90% of the attack surface attackers use to host and deliver malware and ransomware.