Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Security Businesses Privacy The Almighty Buck

Half of Ransomware Victims Didn't Recover Their Data After Paying the Ransom (bleepingcomputer.com) 58

An anonymous reader shares a report: A massive survey of nearly 1,200 IT security practitioners and decision makers across 17 countries reveals that half the people who fell victim to ransomware infections last year were able to recover their files after paying the ransom demand. The survey, carried out by research and marketing firm CyberEdge Group, reveals that paying the ransom demand, even if for desperate reasons, does not guarantee that victims will regain access to their files. Timely backups are still the most efficient defense against possible ransomware infections, as it allows easy recovery. The survey reveals that 55% of all responders suffered a ransomware infection in 2017, compared to the previous year's study, when 61% experienced similar incidents. Of all the victims who suffered ransomware infections, CyberEdge discovered that 61.3% opted not to pay the ransom at all. Some lost files for good (8%), while the rest (53.3%) managed to recover files, either from backups or by using ransomware decrypter applications. Of the 38.7% who opted to pay the ransom, a little less than half (19.1%) recovered their files using the tools provided by the ransomware authors.
This discussion has been archived. No new comments can be posted.

Half of Ransomware Victims Didn't Recover Their Data After Paying the Ransom

Comments Filter:
  • by cascadingstylesheet ( 140919 ) on Friday March 09, 2018 @10:50AM (#56233321)
    I am shocked, shocked that paying ransom to criminals does not always result in getting what I paid for!
    • Apparently so is msmash...
    • Re: (Score:2, Insightful)

      by Anonymous Coward

      Ransomware criminals shouldn't shit where they drink. By failing to unlock the files, they decrease the chance future victims will be willing to pay. Unfortunately for the criminals there are any number of other criminals out there who don't follow this simple rule. They don't unlock because they don't care, they're only in it for the short term, or they failed to implement unique wallets per victim to verify who's paid them and who's only claiming to have done so.

      None of this is terribly surprising; it's t

      • Re:obCasablanca (Score:5, Interesting)

        by omnichad ( 1198475 ) on Friday March 09, 2018 @11:17AM (#56233417) Homepage

        By failing to unlock the files, they decrease the chance future victims will be willing to pay.

        Let's all be happy about it. It keeps more people from paying. I've always wondered if these non-successful recoveries were due to black hats trying to teach the public at large to stop paying ransoms. It also helps spread the message that there is no substitute for backups.

        • Never forget, it was Joseph Bonavolonta with the FBI that said at a Cyber Security Summit in 2015 the following things.

          - "The ransomware is that good... To be honest, we often advise people just to pay the ransom."
          - “the easiest thing may be to just pay the ransom"
          - "overwhelming majority of institutions just pay the ransom."
          - "You do get your access back"

          Do you just LOVE your heroes in office?

          • Sounds more like they're helping another TLA cover the tracks of domestic spying disguised as ransomware. That sounds awfully suspicious when you cherry pick the phrases like that - and I'm not even that paranoid.

            • What's to cherry pick? It was said, ****at a cyber security summit....in front of people****. Ok, maybe not all the quotes, but even if just one in person, it's totally irresponsible! It simply isn't a defensible position to take.

              If it was me that said that in the private sector, i'd lose 100% of credibility among my peers that work in information security.

              • What's to cherry pick?

                The whole speech is the cherry tree. That's all I mean - take away the context and get to the real specific things called for and it really sounds like they're trying to handwave away attention at ransomware.

                • Irresponsible none the less. At best, he should have STFU about anything even remotely related to the subject. No no, he had to explicitly advise on paying the ransom for data that's been compromised.

                  Look at this way. If sensitive information was locked up via CryptoWall inside the offices of the FBI, would they pay the ransom if no backups were available (admittedly, that's highly unlikely). As a tax paying civilian entrusting my data the the largest monopoly of authority in the US -The Federal Government-

        • by Anonymous Coward

          I've always wondered if these non-successful recoveries were due to black hats trying to teach the public at large to stop paying ransoms.

          I see no reason to think that, it's just criminal assholes saying "fuck it, we've got the part which fucks up the computer and makes them pay, why the fuck would we care about what happens to your data?" Why spend time making a complete solution? Get your money and leave.

          And I will continue saying that if we said "fuck you" to javascript, 3rd party anything, and anythin

      • Even if there is almost zero percent change that the ransomware authors can/will unlock files, people will still pay. Mainly because they have a lottery's chance of getting their files back versus 0% if they don't.

        • by gnick ( 1211984 )

          I paid the full ransom. At least, that's what I'll say if anyone asks why I bought and spent Bitcoin. Google tells me that Overstock.com and a couple of others take Bitcoin now, but is anyone actually buying legitimate goods with it? The overhead's high and the latency is a nuisance if you aren't prepared ahead of shopping. It's useful for contraband, ransoms, and blind speculative investing, but I'm not sure why I'd use it for a book, a TV, or a sandwich.

        • by jetkust ( 596906 )
          Yep, the amount of money asked by ransomware author's is priced with risk/reward in mind. The less confidence people have in recovering their the lower the price goes.
          • The less confidence people have in recovering their the lower the price goes.

            Not really, the price is based only on what those who do comply can pay. The amount of money 419 scammers ask for in their emails doesn't go up or down according to number of compliant victims either.

        • by Jeremi ( 14640 )

          ... but, will they start backing up [what remains of] their data afterwards?

      • Ransomware criminals shouldn't shit where they drink. By failing to unlock the files, they decrease the chance future victims will be willing to pay.

        I tend to doubt that. People who have no other recourse to recover their precious data will pay. Even if there's only a slight chance of success.

    • by GuB-42 ( 2483988 )

      Smart criminals give you what you paid for.
      It is a business, and the victims are like customers. All the rules that apply to legitimate companies apply too. They want your money, and for that, they need to make it clear that the best solution in order to recover your files is to pay the ransom. If people start thinking that paying is useless anyways, it will hurt their bottom line in the long run.
      From what I understood, mafias are very reliable. It you pay for "protection", they really protect you. Ineffect

    • Such action should be illegal. And these criminals who did this should be punished for it.

    • i am really surprised the number is as high as half of them did. always assumed the number was closer to like 10% return rate
  • Only get hacked by competent hackers.
    • by Anonymous Coward

      With great customer services.

      • With great customer services.

        I can see the ransomware surveys now...

        "Thank you for your payment. We strive to be the best when it comes to timely decryption of your data. If you could please fill out this short survey and rate our performance today, we would greatly appreciate it."

  • Next they'll tell us that you don't always get the kidnapping victims back alive after paying the ransom.

  • ..and so the con will continue.

  • The bottom line... (Score:5, Insightful)

    by jcr ( 53032 ) <.moc.cam. .ta. .rcj.> on Friday March 09, 2018 @12:06PM (#56233665) Journal

    If you need to keep your data, 1) don't use any Microsoft products, and 2) keep backups.

    -jcr

    • Re: (Score:2, Informative)

      by Anonymous Coward

      https://blog.trendmicro.com/trendlabs-security-intelligence/erebus-resurfaces-as-linux-ransomware/

      • Servers have large attack surfaces, especially when they're hosting third party scripts for thousands of people who don't care about your security. Call me when a linux desktop is infected.

    • If you need to keep your data, 1) don't use any Microsoft products

      I have an even better idea. Don't take stupid advice from people on Slashdot:
      https://www.trendmicro.com/vin... [trendmicro.com]

  • So on this related subject, I have half a dozen Windows PCs networked at home. What's a good backup system to use in case one of the kids executes something and the network gets hits with a ransomware?

    • I use AJCsync to backup data to removable USB drives and to multiple cloud drives. It can encrypt the data on the fly as it backs things up so the data stays safe. http://www.ajcsoft.com/file-sy... [ajcsoft.com]
    • Macrium Reflect, EaseUS ToDo Backup, and Paragon Backup and Recovery all have free versions which support incremental or differential backups. Those will only backup the changes from previous backup(s), so will cut down backup time significantly. I still recommend a full backup about once a month.

      The important (and difficult) thing is that your backup needs to be offline. If you try to use an always-online device like a NAS or permanently attached external drive as a backup, the ransomware will just e
      • If you do backups, look at the 3-2-1 methodology. Three copies, two on different media, one offsite.

        For example: CrashPlan and Veeam to a NAS. CrashPlan takes care of offsite documents, Veeam allows you to restore locally. A lot of NAS models also can back themselves up as well as keep snapshots, so a share nailed by ransomware can be rolled back quickly, or restored from somewhere.

    • by Agripa ( 139780 )

      I would do two things:

      1. Isolate every device including every PC on the LAN using a real router instead of a switch. Then every device can see the internet unimpeded but all traffic between devices is controlled by the firewall which be default can block everything. Most routers only have one LAN port no matter how many switched ports are connected to it so the cheapest way to implement this is some PC hardware with multiple LAN ports or perhaps better, using a router which supports VLANs and attaching a

  • This is very bad news for ransomware operators. Once people know they may not get their data back for money, they will not pay.

"There is no distinctly American criminal class except Congress." -- Mark Twain

Working...