Paying Ransomware Demand ‘No Guarantee’ for Data Recovery: HPE Study
“Gaps in readiness” are seriously hampering the ability of many organizations to “manage and recover” from ransomware attacks, a Zerto study found. “The research also underlines the increased risk to mitigation strategies presented by widespread skills shortages and over-reliance on internal resources,” said the Hewlett Packard Enterprise subsidiary Tuesday.
Zerto hired ESG to canvass 620 “qualified respondents” in North America and Western Europe in December, finding organizations recognize that one of the “best protections” against a ransomware attack is the ability to recover from it, but “many are still struggling to counteract ransomware when prevention has failed,” said Zerto. Ransomware attack frequency and impact remain a major concern, it said, citing the 73% of respondents who said their organizations were victimized in the previous 12 months.
Even within the most “advanced” organizations, defined by ESG as leaders in ransomware “preparedness,” 75% said their groups suffered operational disruption, calling into question the vulnerability even for those “considered most prepared,” said Zerto. “The threat is also proving to compound itself for victims,” it said, citing the 61% of respondents whose organizations paid a ransom and were then subjected to further extortion attempts resulting in extra payments being made on top of initial sums.
Paying a ransom is “no guarantee to getting a business completely back online,” the survey found. Only 14% of respondents reported that their organizations got 100% of their data back “even after acceding to a ransom demand,” said Zerto. Nearly half of survey respondents (45%) “are struggling with skills issues that will help them respond to a ransomware attack,” it said.
Many organizations remain “seriously underprepared to effectively mitigate against the risks and impact of ransomware attacks,” said Christophe Bertrand, ESG practice director. “This results in a significant number concluding they have no alternative but to pay ransom demands in the hope their data will be returned.” Caroline Seymour, Zerto vice president-product marketing, said it’s “worrying that many organizations are experiencing a ‘perfect storm’ of vulnerability that results from inadequate technologies and under-resourced teams.”
Analysts at Skybox Research Lab uncovered a 42% increase in new ransomware programs targeting known vulnerabilities in 2021, compared with 2020, reported the cybersecurity company Tuesday. It unearthed 20,175 new vulnerabilities in 2021, the most ever reported in a single year, it said: “These new vulnerabilities are just the tip of the iceberg. The total number of vulnerabilities published over the last 10 years reached 166,938 in 2021 -- a three-fold increase over a decade.”