The second part of a two-part report by Intermedia deals specifically with ransomware and includes a link to a video which I’m afraid I haven’t watched. There are also some interesting statistics. When a ransom gets paid, who pays it? According to Intermedia, 59% of employees have paid personally, and only 37% of those surveyed said that their employer had paid. (Which may say something sad about employee attitudes and unpleasant about employer attitudes.) Yet the company has previously reported that 19% of companies didn’t get their data back. (In sharp contrast to claims that ransomware gangs usually recover data because that’s their business model.) I’d guess that with the increase in wiper activity in recent months, the 2017 figures for unrecovered data could be appreciably here. (Are wipers ransomware? Well, that depends on individual cases, but they do often present themselves as if they are.)
I’ve intended for a while to break out some of the scattered information in the ransomware resource page and sub-pages into its own Ransomware Recovery and Prevention page.
And finally got around to it.
Much of the same information (and more) remains in the Ransomware Resources page and/or sub-pages. (Sorry, but I’m happy to duplicate information where appropriate. If I had more time to spend on this page, there’d probably be less duplication, but I haven’t…)
However, the new(-ish) page is better organized and more immediately useful (I hope) for people who are interested in barebones recovery and prevention information.
Graham Cluley reports for Hot for Security that Only 38% of businesses believe they will recover from a ransomware attack. He cites a study by Tripwire – Survey: 62% of Companies Lack Confidence in Ability to Confront Ransomware Threat – based on the responses of security professionals at RSA 2016.
Interestingly, Tripwire also ran a Twitter poll asking ‘What is the most important step users can take to prevent ransomware infections?’
The options and responses were:
- 47% said ‘Don’t click suspect links’
- 37% said ‘Back up your data often’
- 11% said ‘Install software patches’
- 5% said ‘Use an AV solution’
I won’t complain about the low ranking of AV here: after all, no-one is suggesting, presumably, that all those options are mutually exclusive, and in fact they’re all steps people should be taking. But I can’t help wondering who these people are who click on a link even though it’s suspicious. Isn’t the point that so many people have such an unformed view of what ‘suspicious’ really means?