Is data recovery from a ransomware attack possible?

Monday, April 29, 2019 by Tilly Holland

Stories of organizations being crippled by ransomware have dominated the headlines this year.

Sophos recently commissioned an independent survey of 5,000 IT managers across 26 countries. The highlights of the results can be found below:

  • Almost three-quarters of ransomware attacks result in the data being encrypted.
  • 51% of organizations were hit by ransomware in the last year. The criminals succeeded in encrypting the data in 73% of these attacks.
  • 26% of victims whose data was encrypted got their data back by paying the ransom.
  • A further 1% paid the ransom but didn’t get their data back.
  • Overall, 95% of organizations that paid the ransom had their data restored.
  • 94% of organizations whose data was encrypted got it back.
  • More than twice as many got it back via backups (56%) than by paying the ransom (26%).
  • Paying the ransom doubles the cost of dealing with a ransomware attack.
  • The average cost to rectify the impacts of the most recent ransomware attack (considering downtime, people time, device cost, network cost, lost opportunity, ransom paid etc.) is US$732,520 for organizations that don’t pay the ransom, rising to US$1,448,458 for organizations that do pay.
  • Despite the headlines, the public sector is less affected by ransomware than the private.
  • 45% of public sector organizations were hit by ransomware last year, compared to a global average of 51%, and a high of 60% in the media, leisure, and entertainment industries.
  • One in five organizations has a major hole in their cybersecurity insurance.
  • 84% of respondents have cybersecurity insurance, but only 64% have insurance that covers ransomware.
  • Cybersecurity insurance pays the ransom.
  • For those organizations that have insurance against ransomware, 94% of the time when the ransom is paid to get the data back, it’s the insurance company that pays.
  • Most successful ransomware attacks include data in the public cloud.
  • 59% of attacks where the data was encrypted involved data in the public cloud. While it’s likely that respondents took a broad interpretation of public cloud, including cloud-based services such as Google Drive and Dropbox and cloud backup such as Veeam, it’s clear that cybercriminals are targeting data wherever it is stored.

Anyone with a computer, smartphone or even a smart TV can be the target of a ransomware attack, but corporations are hit the hardest. Not only is an infected company charged a ransom fee, but it can also face financial losses due to downtime. Ontrack has developed a set of solutions to quickly recover the data held hostage, thus eliminating financial support of the criminals behind the attacks and reducing the amount of downtime experienced by companies.

Ransomware is a type of malicious software that blocks access to data on a device by encrypting it. The global engineering team at Ontrack has identified over 225 variations of ransomware and has defined a decryption process for many of them.

How to reduce the risk of a ransomware attack 

Ransomware variants will target different business verticals. The highest risk targets are healthcare, financial institutions and government agencies. Those who are at risk should take precautions to reduce their risk and lessen the effects of an attack:

  1. Create and follow a backup and recovery plan. Ensure that your plan includes storing the backups offsite and how to handle corruption.
  2. Be prepared by testing backups regularly. Organizations must be familiar with what is stored in backup archives and ensure the most critical data is accessible should ransomware target backups.
  3. Implement security policies. Use the latest anti-virus and anti-malware software and monitor consistently to prevent infections.
  4. Develop IT policies that limit infections on other network resources. Companies should put safeguards in place, so if one device becomes infected with ransomware, it does not permeate throughout the network.
  5. Conduct user training, so all employees can spot a potential attack. Make sure employees are aware of best practices to avoid accidentally downloading ransomware or opening up the network to outsiders.

What should you do if your organization is hit by ransomware? 

Even with the best precautions and policies in place, you may still suffer from an attack. In the event your data is held hostage by ransomware, the engineers at Ontrack recommend:

  1. Remain calm. Rash decisions could cause further data loss. For example, if you discover an infection and suddenly cut power to a server instead of powering it down properly, you could lose data in addition to the infected data.
  2. Never pay the ransom because attackers may not unlock your data. There are many cases of victims paying the ransom demanded and not receiving their data back in return. Rather than running this risk, companies should work with data recovery experts who may be able to regain access to data by reverse-engineering the malware.
  3. Check your most recent set of backups. If they are intact and up to date, data recovery becomes easier, because you can restore them to a different system.
  4. Contact Ontrack to explore ransomware recovery options. We can examine your scenario to see if we have a solution already in place, or if we are able to develop one in time.

There is hope for companies that are infected with ransomware. The team of engineers at Ontrack is working around the clock in order to identify and find a resolution for each type of ransomware.