Well that is a pretty depressing headline, but that is what the statistics say.
According to a Sophos study, the average cost of a ransomware attack jumped from $761,000 to $1.85 million over the last year. The average ransomware payment is now $170,000.
More worrysome, only 8% of the organizations say that they got all their data back. 29% said they got less than half of their data back.
In part this is not because crooks are dishonest. They are just not great at developing software that works – no different than the rest of us. So, when you pay the ransom, only then you find out that their software is buggy and cannot decrypt your data.
Fewer organizations were attacked last year – the number fell from 51% to 37% and fewer of them had to deal with encryption. That number fell from 73% to 54%.
What the hackers have figured out is that you steal the data and then threaten to publish or sell it if the company doesn’t pay up. That is almost impossible to defend against unless you just keep the hackers out.
The number of companies that paid the ransom increased from 26% to 32% – even though only 8% said they got all of their data back.
hat may be because they don’t want their data on the front page of the New York Times.
And, recovering can take years. Even if you pay the ransom, you still have to recover the data that you lost and you have to rebuild your systems from the ground up because you certainly can’t trust a previously hacked system. Then you have to figure out how to harden them. And, of course, there are lawsuits. And on and on.
So what should you do?
- Assume you are going to be hit and plan to deal with it.
- Make backups. Several copies. Make sure that at least one is offline. You can’t hack what you can’t get to.
- Build layers of protection. One solution will not stop everything, no matter how great it is.
- Use human experts. Smart people with smart software is more secure than software alone.