www.theregister.com
104.18.4.22  Public Scan

URL: https://www.theregister.com/2023/05/15/ransomware_corrupts_data/
Submission: On May 16 via api from TR — Scanned from DE

CYBER-CRIME


RANSOMWARE CORRUPTS DATA, SO BACKUPS CAN BE FASTER AND CHEAPER THAN PAYING UP


SMASH AND GRAB RAIDS DON’T LEAVE TIME FOR CAREFUL ENCRYPTION

Simon Sharwood
Mon 15 May 2023 // 06:32 UTC




Ransomware actors aim to spend the shortest amount of time possible inside your
systems, and that means the encryption they employ is shoddy and often corrupts
your data. That in turn means restoration after paying ransoms is often a more
expensive chore than just deciding not to pay and working from your own backups.

That's the opinion of Richard Addiscott, a senior director analyst at Gartner.

"They encrypt at excessive speed," he told the firm's IT Infrastructure,
Operations & Cloud Strategies Conference 2023 in Sydney on Monday. "They encrypt
faster than you can run a directory listing."



Ransomware operators therefore encrypt badly and lose some of the data they then
try to sell you back.




Restoring from corrupt data dumps delivered by crooks is not easy, Addiscott
advised – and that's if ransomware operators deliver all the data they promise.
Plenty don't – instead they use a ransom payment to open a new round of
negotiations about the price of further releases.

That sort of wretched villainy means just four percent of ransomware victims
recover all their data, he said. Only 61 percent recover data at all. And
victims typically experience 25 days of disruption to their businesses.



Addiscott suggested that period can be reduced if organizations create
ransomware recovery playbooks and practice their use.

"Do you have scripts ready for a cloud rebuild?" he asked. "Don’t build the
plane while you are trying to fly it."

To pay or not to pay?

A blanket policy to pay, or not pay, ransoms is not helpful, Addiscott opined.
Instead it should be considered a business decision that takes into account
risks, including that payments to offshore players could violate international
sanctions and lead to fines.

Paying ransoms is also no guarantee data will be restored, he added.

Ransomware gangs also tend to re-attack those who pay once, making payments a
tactic of last resort in Gartner's opinion.

In any case, the decision might not be yours: cyber-risk insurers may decide a
ransom is cheaper than funding a restore, and require payment. Addiscott said
he's even aware of one ransomware operator that sent a victim the relevant
section of their insurance policy to point out any payments would be covered.

Securing the funds to prepare for a rapid post-ransomware recovery means
couching the risk in the language of the business, not IT.

Revenue protection, risk minimization, and cost control are the topics likely
to loosen the purse strings, according to Addiscott. Although he also shook his
head as he recalled moments in which business leaders authorized large and rapid
ransom payments that dwarfed the denied investments that could have made them
unnecessary.

He counselled proper preparation, because ransomware scum have figured out one
way to accelerate stalled negotiations over a payment: whacking their victims
with a DDoS attack so they're fighting two fires at once, and are therefore
willing to pay to make at least one problem go away.

Ransomware operators also like to double-dip by seeking payment from
organizations whose data they stole, then mining it to find other targets.
Addiscott mentioned an attack on a healthcare provider whose customers were hit
with a demand for payments or else their medical records would be released.

Customers named in a stolen data heist may also be targeted with a suggestion
they let suppliers know they want payments made – to lessen the risk of their
data being exposed.



Addiscott suggested immutable backups, and an isolated recovery environment, are
an excellent combination of defences.

But he also pointed out that the folks behind ransomware are smart, ruthless,
creative, and persistent, so will find new and even nastier ways to attack.

The analyst did have one good piece of news: a 21 percent drop in ransomware
incidents in 2022 compared to 2021. He theorized that drop was caused by
sanctions making it harder for ransomware gangs based in Russia to go about
their business. ®
