Paying Cyber Ransoms Won't Get Your Data Back, ESG Finds

Posted on April 23, 2022

Ransomware groups have a habit of breaking their promises to return stolen data after the ransom is paid, according to a study by Enterprise Strategy Group (ESG).

The study, commissioned by data protection SaaS vendor KeepIt, surveyed 620 IT and cyber professionals across North America and Western Europe. It found 56% of ransomware victims paid the ransom in the hopes of regaining access to data, applications, or systems. But only one in seven respondents reported actually getting all their data back.

Paying ransoms just encourages “further bad behavior” like demanding additional ransoms, ESG reports. It also doesn’t “guarantee seamless business resumption overall, including recovering from data loss and other operational consequences,” the report reads.

Prepare for Ransomware

The study found 79% of IT and cyber professionals surveyed experienced a ransomware attack in the past year. Weekly attacks were reported by 17% of respondents, and 13% say they experience daily ransomware attacks. So it's no surprise that 79% of respondents placed ransomware preparedness among their top five business priorities.

“Organizations are building their own individual strategies and processes in response to a lack of industry reference architecture or a blueprint for ransomware protection,” Christophe Bertrand, ESG practice director, said in a statement. “The results of this report serve as a critical step in understanding the most important components of data recovery after a ransomware attack, and it is our hope that organizations can use this as guidance as they work towards preparedness.”

What happens when an organization has taken some preventative steps against ransomware but still finds itself the victim of an attack? Paying the ransom is unlikely to solve the problem of stolen data.

Data Backup Is King

Data backup ranked as the top methodology that organizations use in the event of a ransomware attack, showing that “backup is king for cyber recovery overall,” the report reads.

Many organizations are turning to “emergent best practices,” like restoring data from air-gapped or isolated storage or restoring from an immutable or “gold” copy of data, the ESG report found. These strategies store recovery data copies separately from the rest of the network, which helps prevent organizations from needing to pay ransoms.

This also means IT leaders are looking for these capabilities in backup solutions, “which must be hybrid to support on-premises, cloud-only, or a combination of deployment topologies,” the report added.

The rise of the cloud is also visible in this context: public cloud has become a top destination of choice for backups, with 39% of respondents planning to restore data from public cloud services after a ransomware attack. However, hybrid backup options show increased popularity, with ESG reporting that 47% of those who plan to use air-gapped or isolated protection storage (37%) plan to restore from both on-premises and public cloud resources.

Additionally, 55% of those who plan to use an immutable backup/gold copy to restore data (35%) plan to tap both on-premises and public cloud resources to restore stolen data.