A wing and a prayer?

How likely is it that criminal gangs are going to return all your data intact and untarnished after a ransomware attack, if you comply with their requirements and pay whatever it is they demand of you?

Logic tells you that the odds are extremely low you will escape a successful ransomware assault. Yet, for an organisation that finds itself a victim of an attack, hope must spring eternal that they will be treated kindly - because many pay up, it is reported.

In a letter to the Law Society, the National Cyber Security Centre (NCSC) - which is a part of GCHQ - and Information Commissioner's Office (ICO) say they have seen evidence of a rise in ransomware payments and that, in some cases, solicitors may have been advising clients to pay, in the belief that it will keep data safe or lead to a lower penalty from the ICO. They have asked the Law Society to remind its members of their advice on ransomware and emphasise that paying a ransom will not keep data safe or be viewed by the ICO as a mitigation in regulatory action.

As Tim Mackey, principal security strategist at the Synopsys Cybersecurity Research Centre for Ransomware, states in our comprehensive coverage of ransomware starting on page 18 of the Sept-Oct 2022 issue: "The perception that payment will guarantee a quick resolution to the problem lost access to systems and data is a fallacy," before pointing out: "Since the primary business objective for these criminals is monetary gain, it should come as no surprise that they test their encryption better than they do their restoration processes - and that there is no support line to call, should the restoration process fail. They are after all, criminals, so there is nothing to prevent one criminal group from compiling a list of victims willing to pay ransom and then selling that to other criminal organisations."

As ever, prevention remains the best cure, of course. However, in the event of a successful breach, having an effective backup strategy in place, whereby data can be recovered and restored quickly, is vital - something covered in depth in our ransomware feature.

Brian Wall
Computing Security