Ransomware victims with backups are still paying ransoms to prevent hackers from leaking their stolen data.
Having a backup to restore the network won't help if you are a victim of a ransomware attack, as your data has already been leaked.
Some organizations with backup plans in place are still paying ransoms to cybercriminal gangs in order to stop the hackers from publishing stolen data.
During the past year, many of the most successful ransomware gangs have added a technique to coerce victims into paying ransoms after compromising their networks: publishing the stolen confidential data if a payment isn't received.
This tactic was first used by the Maze ransomware gang at the beginning of 2020. By the end of the year, an additional 17 ransomware crews had used this tactic of publishing victims' stolen data to enforce payment of the ransom.
According to cybersecurity company Emsisoft's report, 'State of Ransomware', victims who are fully able to restore their networks from backups, and have effectively done so, are still paying ransoms in Bitcoin valued at hundreds of thousands or millions of dollars to keep cybercriminals from leaking stolen information.
Just like any other real business, criminal gangs employ strategies that are confirmed to work, and data theft has indeed been established as a good way to extort money. Some organizations that were able to use backups to recover from attacks still paid the ransom purely to stop their private data from being published.
Over the course of last year, ransomware attacks claimed thousands of victims, with government agencies, healthcare facilities, schools and universities, and private companies among those hit by cybercriminals' threats of extortion.
According to the report, US public sector organizations were among the worst hit by ransomware attacks, with at least 2,354 government, medical care, and educational organizations impacted.
These included 1,681 schools, colleges, and universities; 560 healthcare facilities; and 113 federal, state, and municipal governments and agencies. Meanwhile, over 1,300 private companies were also hit by ransomware attacks.
Some organizations give in to the ransom demand, paying hundreds of thousands or even millions of dollars in bitcoin because they see it as the quickest way to restore the network, while others refuse and can spend weeks or months attempting to restore the network. Some restored from backups and also paid the ransom in order to stop their confidential data from going public.
According to Emsisoft, the total cost of the financial harm done by ransomware attacks is likely to have amounted to billions. Because this technique is proving successful, it's likely that more and more ransomware groups will adopt the practice of stealing and publishing data. Put simply, it works: ransomware gangs are extorting money from businesses that don't want their confidential data leaked.
However, while ransomware attacks are damaging a significant number of organizations, there are relatively simple steps that can be taken to safeguard against ransomware and other malware attacks.
Phishing remains one of the key methods of spreading ransomware, especially following the boom in remote working, so organizations should make clear to employees the need to be careful when opening emails and attachments. If employees are suspicious about something, they should report it.
A good patching strategy and prompt application of the latest security updates help prevent cybercriminals from taking advantage of known vulnerabilities to distribute malware.
Regularly updating backups must be a priority, because if, in the worst-case scenario, the organization falls victim to a ransomware attack, the network can be restored without paying the ransom.
"2021 won’t be a repeat of 2020. Proper plans of investment in persons, procedures and IT would result in significantly fewer ransomware occasions and those occasions that did happen would be less effective, less destructive, and less pricey," said Fabian Wosar, CTO of cybersecurity firm Emsisoft.