Half of Ransomware Victims Didn't Recover Their Data After Paying the Ransom (bleepingcomputer.com)
An anonymous reader shares a report: A massive survey of nearly 1,200 IT security practitioners and decision makers across 17 countries reveals that half the people who fell victim to ransomware infections last year were able to recover their files after paying the ransom demand. The survey, carried out by research and marketing firm CyberEdge Group, reveals that paying the ransom demand, even if for desperate reasons, does not guarantee that victims will regain access to their files. Timely backups are still the most efficient defense against possible ransomware infections, as they allow easy recovery. The survey reveals that 55% of all responders suffered a ransomware infection in 2017, compared to the previous year's study, when 61% experienced similar incidents. Of all the victims who suffered ransomware infections, CyberEdge discovered that 61.3% opted not to pay the ransom at all. Some lost files for good (8%), while the rest (53.3%) managed to recover files, either from backups or by using ransomware decrypter applications. Of the 38.7% who opted to pay the ransom, a little less than half (19.1%) recovered their files using the tools provided by the ransomware authors.
obCasablanca (Score:5, Funny)
Re: obCasablanca (Score:2)
Re: (Score:2, Insightful)
Ransomware criminals shouldn't shit where they drink. By failing to unlock the files, they decrease the chance future victims will be willing to pay. Unfortunately for the criminals there are any number of other criminals out there who don't follow this simple rule. They don't unlock because they don't care, they're only in it for the short term, or they failed to implement unique wallets per victim to verify who's paid them and who's only claiming to have done so.
None of this is terribly surprising; it's t
Re:obCasablanca (Score:5, Interesting)
By failing to unlock the files, they decrease the chance future victims will be willing to pay.
Let's all be happy about it. It keeps more people from paying. I've always wondered if these non-successful recoveries were due to black hats trying to teach the public at large to stop paying ransoms. It also helps spread the message that there is no substitute for backups.
Re: (Score:2)
Re: (Score:2)
Sounds more like they're helping another TLA cover the tracks of domestic spying disguised as ransomware. That sounds awfully suspicious when you cherry pick the phrases like that - and I'm not even that paranoid.
Re: (Score:3)
Re: (Score:2)
What's to cherry pick?
The whole speech is the cherry tree. That's all I mean - take away the context and get to the real specific things called for and it really sounds like they're trying to handwave away attention at ransomware.
Re: (Score:2)
Re: (Score:2)
Re: (Score:1)
I see no reason to think that, it's just criminal assholes saying "fuck it, we've got the part which fucks up the computer and makes them pay, why the fuck would we care about what happens to your data?" Why spend time making a complete solution? Get your money and leave.
And I will continue saying that if we said "fuck you" to javascript, 3rd party anything, and anythin
Re: (Score:1)
Even if there is almost zero percent chance that the ransomware authors can/will unlock files, people will still pay. Mainly because they have a lottery's chance of getting their files back versus 0% if they don't.
Re: (Score:2)
I paid the full ransom. At least, that's what I'll say if anyone asks why I bought and spent Bitcoin. Google tells me that Overstock.com and a couple of others take Bitcoin now, but is anyone actually buying legitimate goods with it? The overhead's high and the latency is a nuisance if you aren't prepared ahead of shopping. It's useful for contraband, ransoms, and blind speculative investing, but I'm not sure why I'd use it for a book, a TV, or a sandwich.
Re: (Score:2)
Re: (Score:2)
Not really, the price is based only on what those who do comply can pay. The amount of money 419 scammers ask for in their emails doesn't go up or down according to number of compliant victims either.
Re: (Score:2)
... but, will they start backing up [what remains of] their data afterwards?
Re: (Score:2)
Ransomware criminals shouldn't shit where they drink. By failing to unlock the files, they decrease the chance future victims will be willing to pay.
I tend to doubt that. People who have no other recourse to recover their precious data will pay. Even if there's only a slight chance of success.
Re: (Score:2)
Smart criminals give you what you paid for.
It is a business, and the victims are like customers. All the rules that apply to legitimate companies apply too. They want your money, and for that, they need to make it clear that the best solution in order to recover your files is to pay the ransom. If people start thinking that paying is useless anyways, it will hurt their bottom line in the long run.
From what I understood, mafias are very reliable. If you pay for "protection", they really protect you. Ineffect
Re: (Score:2)
Such action should be illegal. And these criminals who did this should be punished for it.
Re: obCasablanca (Score:1)
The moral of the story is ... (Score:2)
Re: (Score:1)
With great customer services.
Re: (Score:3)
With great customer services.
I can see the ransomware surveys now...
"Thank you for your payment. We strive to be the best when it comes to timely decryption of your data. If you could please fill out this short survey and rate our performance today, we would greatly appreciate it."
Re: (Score:3)
If you are someone who needs the information on your hard drive, you are probably the type of person that protects your data and makes backups.
It's funny how you believe that.
Re: (Score:2)
Re: (Score:2)
Assuming the version control system is either backed up or distributed, that CEO was right. What's the point of having extra backups if every employee already has a backup?
Re: (Score:2)
Amoral criminals? (Score:2)
Next they'll tell us that you don't always get the kidnapping victims back alive after paying the ransom.
Re: (Score:2)
You can make more money by sending the kidnapping victim back in installments.
but half did get their data.. (Score:2)
..and so the con will continue.
Re: (Score:2)
If there's only a 50% chance I'll get my data back, I should only have to pay 50% of the ransom.
But then you would only have a 50% chance of getting half your data...
Re: (Score:2)
Re:but half did get their data.. (Score:4, Funny)
If there's only a 50% chance I'll get my data back, I should only have to pay 50% of the ransom.
I paid double the ransom so I have a credit ready for next time.
Comment removed (Score:5, Insightful)
Re: (Score:2, Informative)
https://blog.trendmicro.com/trendlabs-security-intelligence/erebus-resurfaces-as-linux-ransomware/
Re: (Score:2)
Servers have large attack surfaces, especially when they're hosting third party scripts for thousands of people who don't care about your security. Call me when a linux desktop is infected.
Re: (Score:2)
If you need to keep your data, 1) don't use any Microsoft products
I have an even better idea. Don't take stupid advice from people on Slashdot:
https://www.trendmicro.com/vin... [trendmicro.com]
What's a good home backup system? (Score:2)
So on this related subject, I have half a dozen Windows PCs networked at home. What's a good backup system to use in case one of the kids executes something and the network gets hit with ransomware?
Re: (Score:1)
Re: (Score:2)
The important (and difficult) thing is that your backup needs to be offline. If you try to use an always-online device like a NAS or permanently attached external drive as a backup, the ransomware will just e
Re: (Score:2)
If you do backups, look at the 3-2-1 methodology. Three copies, two on different media, one offsite.
For example: CrashPlan and Veeam to a NAS. CrashPlan takes care of offsite documents, Veeam allows you to restore locally. A lot of NAS models also can back themselves up as well as keep snapshots, so a share nailed by ransomware can be rolled back quickly, or restored from somewhere.
Re: (Score:2)
I would do two things:
1. Isolate every device including every PC on the LAN using a real router instead of a switch. Then every device can see the internet unimpeded but all traffic between devices is controlled by the firewall which by default can block everything. Most routers only have one LAN port no matter how many switched ports are connected to it so the cheapest way to implement this is some PC hardware with multiple LAN ports or perhaps better, using a router which supports VLANs and attaching a
Bad news for ransomware operators (Score:2)