www.theregister.com
104.18.4.22
Public Scan
URL:
https://www.theregister.com/2023/05/15/ransomware_corrupts_data/
Submission: On May 16 via api from TR — Scanned from DE
Form analysis
2 forms found in the DOM
POST /CBW/custom
<form id="RegCTBWFAC" action="/CBW/custom" class="show_regcf_custom" method="POST">
<h5>Manage Cookie Preferences</h5>
<ul>
<li>
<label>
<input type="checkbox" disabled="disabled" checked="checked" name="necessary" value="necessary">
<strong>Necessary</strong>. <strong>Always active</strong>
</label>
<label for="accordion_necessary" class="accordion_toggler">Read more<img width="7" height="10" alt="" src="/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icon/arrow_down_grey.svg" class="accordion_arrow"></label>
<div class="accordion">
<input type="checkbox" id="accordion_necessary">
<p class="accordion_info"> These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect. </p>
</div>
</li>
<li>
<label>
<input type="checkbox" name="tailored_ads" value="tailored_ads">
<strong>Tailored Advertising</strong>. </label>
<label for="accordion_advertising_tailored_ads" class="accordion_toggler">Read more<img width="7" height="10" alt="" src="/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icon/arrow_down_grey.svg"
class="accordion_arrow"></label>
<div class="accordion">
<input type="checkbox" id="accordion_advertising_tailored_ads">
<p class="accordion_info"> These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers,
and in some cases selecting advertisements that are based on your interests. </p>
</div>
</li>
<li>
<label>
<input type="checkbox" name="analytics" value="analytics">
<strong>Analytics</strong>. </label>
<label for="accordion_analytics" class="accordion_toggler">Read more<img width="7" height="10" alt="" src="/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icon/arrow_down_grey.svg" class="accordion_arrow"></label>
<div class="accordion">
<input type="checkbox" id="accordion_analytics">
<p class="accordion_info"> These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our
sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance. </p>
</div>
</li>
</ul> See also our <a href="https://www.theregister.com/Profile/cookies/">Cookie policy</a> and <a href="https://www.theregister.com/Profile/privacy/">Privacy policy</a>. <input type="submit" value="Accept Selected" class="reg_btn_primary"
name="accept" id="RegCTBWFBAC">
</form>
POST /CBW/all
<form id="RegCTBWFAA" action="/CBW/all" method="POST" class="hide_regcf_custom">
<input type="submit" value="Accept All Cookies" name="accept" class="reg_btn_primary" id="RegCTBWFBAA">
</form>
Text Content
RANSOMWARE CORRUPTS DATA, SO BACKUPS CAN BE FASTER AND CHEAPER THAN PAYING UP

SMASH AND GRAB RAIDS DON’T LEAVE TIME FOR CAREFUL ENCRYPTION

Simon Sharwood
Mon 15 May 2023 // 06:32 UTC

Ransomware actors aim to spend the shortest amount of time possible inside your systems, and that means the encryption they employ is shoddy and often corrupts your data. That in turn means restoration after paying ransoms is often a more expensive chore than just deciding not to pay and working from your own backups.

That's the opinion of Richard Addiscott, a senior director analyst at Gartner.

"They encrypt at excessive speed," he told the firm's IT Infrastructure, Operations & Cloud Strategies Conference 2023 in Sydney on Monday. "They encrypt faster than you can run a directory listing."

Ransomware operators therefore encrypt badly and lose some of the data they then try to sell you back.

Restoring from corrupt data dumps delivered by crooks is not easy, Addiscott advised – and that's if ransomware operators deliver all the data they promise. Plenty don't – instead they use a ransom payment to open a new round of negotiations about the price of further releases.
That sort of wretched villainy means just four percent of ransomware victims recover all their data, he said. Only 61 percent recover data at all. And victims typically experience 25 days of disruption to their businesses.

Addiscott suggested that period can be reduced if organizations create ransomware recovery playbooks and practice their use.

"Do you have scripts ready for a cloud rebuild?" he asked. "Don’t build the plane while you are trying to fly it."

To pay or not to pay?

A blanket policy to pay, or not pay, ransoms is not helpful, Addiscott opined. Instead it should be considered a business decision that takes into account risks, including that payments to offshore players could violate international sanctions and lead to fines.

Paying ransoms is also no guarantee data will be restored, he added. Ransomware gangs also tend to re-attack those who pay once, making payments a tactic of last resort in Gartner's opinion.

In any case, the decision might not be yours: cyber-risk insurers may decide a ransom is cheaper than funding a restore, and require payment. Addiscott said he's even aware of one ransomware operator that sent a victim the relevant section of their insurance policy to point out any payments would be covered.

Securing the funds to prepare for a rapid post-ransomware recovery means couching the risk in the language of the business, not IT. Revenue protection, risk minimization, and cost control are the topics likely to loosen the purse strings, according to Addiscott. Although he also shook his head as he recalled moments in which business leaders authorized large and rapid ransom payments that dwarfed the denied investments that could have made them unnecessary.

He counselled proper preparation, because ransomware scum have figured out one way to accelerate stalled negotiations over a payment: whacking their victims with a DDoS attack so they're fighting two fires at once, and are therefore willing to pay to make at least one problem go away.
Ransomware operators also like to double-dip by seeking payment from organizations whose data they stole, then mining it to find other targets. Addiscott mentioned an attack on a healthcare provider whose customers were hit with a demand for payments or else their medical records would be released. Customers named in a stolen data heist may also be targeted with a suggestion they let suppliers know they want payments made – to lessen the risk of their data being exposed.

Addiscott suggested immutable backups, and an isolated recovery environment, are an excellent combination of defences. But he also pointed out that the folks behind ransomware are smart, ruthless, creative, and persistent, so will find new and even nastier ways to attack.

The analyst did have one good piece of news: a 21 percent drop in ransomware incidents in 2022 compared to 2021. He theorized that drop was caused by sanctions making it harder for ransomware gangs based in Russia to go about their business.