During his speech at Gartner’s IT Infrastructure, Operations, and Cloud Strategies Conference 2023 in Sydney, Richard Addiscott, a senior director analyst at Gartner, disclosed strategies used by ransomware perpetrators.
He claims that cybercriminals emphasize speed above quality, resulting in faulty encryption that corrupts data and makes data restoration expensive even after paying ransoms. According to Addiscott, ransomware operators encrypt data quicker than directory listings, resulting in missing data chunks that they attempt to resell to victims. Furthermore, many ransomware operators fail to provide promised material, instead taking advantage of ransom payments to negotiate higher rates for further information.
According to Addiscott, just 4% of ransomware victims recover all of their data, while 61% recover any data, resulting in an average of 25 days of delayed corporate activities. Despite this, Addiscott states a 21% decline in ransomware attacks in 2022, which he attributes in part to the impact of sanctions on Russian-based ransomware groups.
To lessen the effect of ransomware attacks, Addiscott suggested creating and regularly practicing ransomware recovery playbooks. Addiscott also advised constructing discrete recovery environments and using immutable backups. Furthermore, the choice to pay ransoms should be considered as a commercial decision that takes into account potential dangers.
The sources for this piece include an article in TheRegister.
