Do I have your attention now?
Paying the Ransom Doubles Cost of Recovering from a Ransomware Attack, According to Sophos
One of the interesting things I learned this past week at the Privacy+Security Forum Spring Academy was that 75% of a prominent law firm’s clients were able to recover from a ransomware attack without having to pay ransom. I was surprised to hear that statistic, as I would have guessed a higher percentage paid ransom. Their experience, though, is consistent with what is reported in Sophos’ global survey, summarized below in Sophos’s press release:
Sophos, a global leader in next-generation cybersecurity, today announced the findings of its global survey, The State of Ransomware 2020, which reveals that paying cybercriminals to restore data encrypted during a ransomware attack is not an easy and inexpensive path to recovery. In fact, the total cost of recovery almost doubles when organizations pay a ransom.
…
The average cost of addressing the impact of such an attack, including business downtime, lost orders, operational costs, and more, but not including the ransom, was more than $730,000. This average cost rose to $1.4 million, almost twice as much, when organizations paid the ransom. More than one quarter (27%) of organizations hit by ransomware admitted paying the ransom.
“Organizations may feel intense pressure to pay the ransom to avoid damaging downtime. On the face of it, paying the ransom appears to be an effective way of getting data restored, but this is illusory. Sophos’ findings show that paying the ransom makes little difference to the recovery burden in terms of time and cost. This could be because it is unlikely that a single magical decryption key is all that’s needed to recover. Often, the attackers may share several keys and using them to restore data may be a complex and time-consuming affair,” said Chester Wisniewski, principal research scientist, Sophos.
More than half (56%) the IT managers surveyed were able to recover their data from backups without paying the ransom. In a very small minority of cases (1%), paying the ransom did not lead to the recovery of data. This figure rose to 5% for public sector organizations. In fact, 13% of the public sector organizations surveyed never managed to restore their encrypted data, compared to 6% overall.
…
“An effective backup system that enables organizations to restore encrypted data without paying the attackers is business critical, but there are other important elements to consider if a company is to be truly resilient to ransomware,” added Wisniewski. “Advanced adversaries like the operators behind the Maze ransomware don’t just encrypt files, they steal data for possible exposure or extortion purposes. We’ve recently reported on LockBit using this tactic. Some attackers also attempt to delete or otherwise sabotage backups to make it harder for victims to recover data and increase pressure on them to pay. The way to address these malicious maneuvers is to keep backups offline, [Is this less obvious than I thought? Bob] and use effective, multi-layered security solutions that detect and block attacks at different stages.”
Source: Sophos
The “Ready, Fire, Aim” school of Management?
The Palm Beach County School District suffers massive pwd breach after second grader hacks them
From the no-one-could-have-possibly-foreseen-kids-figuring-out-default-password-conventions dept., Andrew Colton reports:
The Palm Beach County School District is in the midst of a massive computer security crisis that draws into question the authenticity of every assignment completed by every student since “distance learning” began, after BocaNewsNow.com learned that an elementary school student hacked the school district’s password system.
We are not revealing the password convention that is used in the school district, but the second grader’s — you are reading that correctly, the second grader’s — hacking resulted in an emergency login change for “live” morning meetings in several elementary schools last week. It did not result — yet — in a district-wide reassignment of student passwords for the School District’s “Portal” which provides access to Google Classroom.
Read more on Boca News Now.
[From the article:
Later Monday evening, the School District confirmed that elementary school students are not permitted to change their passwords. A spokesperson said that may change this week as a result of the massive password compromise.
Interesting, but hard to summarize. Worth reading.
Naomi Klein: How big tech plans to profit from the pandemic
Perspective. The new “post-pandemic” normal?
Twitter Will Allow Employees To Work At Home Forever
Politicians take note! A more approachable spokesman?
Spongebob Can Now Narrate Your Writing
Fifteen.ai is a proof of concept web platform that allows you to make various characters from different pieces of media repeat what you write. The site, funded by MIT, has served over 4.2 million audio files which are the output of different characters speaking out the text the users have requested.
Type cursive in your own handwriting?
How to Turn Your Handwriting Into a Font
In this article, we’ll show you how to make your handwriting a font with Calligraphr for free. You can add letter variants for a natural style, adjust the alignment and spacing, and even export the end product as a standard font format. And it only takes ten minutes.
… To get started, head to the Calligraphr website and click the Get Started For Free button to create an account. There’s no need to upgrade to a Pro account unless you want more than two variants or ligatures.