Data Backup Practices Can Thwart Ransomware


Spectra Logic is a 41-year-old private company, based in Boulder, Colorado, that according to the company’s website, “develops data storage and data management solutions that solve the problem of digital preservation for organizations dealing with exponential data growth.”  On May 7, 2020, and related to the move to remote work by Spectra Logic employees, the company experienced a ransomware attack by one of the more active ransomware malware that encrypted a significant amount of the company’s data.

Ransomware is a type of malware, often spread through phishing emails (as was the case for Spectra Logic), that once opened, encrypts an organization’s data, making it unavailable to access until the company pays a ransom to have the data decrypted.  Note that sometimes the malware source takes the money but never decrypts the data, so paying a malware source may not result in getting your data back.

Sophos published a report on The State of Ransomware in May 2020 that discussed the current threat and widespread incidence of ransomware malware attacks.  The survey queried 5,000 IT managers across 26 countries.  According to the report, “The findings provide brand new insight into what actually happens once ransomware hits. It reveals the percentage of attacks that successfully encrypt data; how many victims pay the ransom; how paying the ransom impacts the overall clean-up costs; and the role of cybersecurity insurance.”

Top level results of the Sophos survey were that:

  • 51% of organizations were hit by ransomware in the last year. The criminals succeeded in encrypting the data in 73% of these attacks. 
  • 26% of ransomware victims whose data was encrypted, got their data back by paying the ransom. A further 1% paid the ransom but didn’t get their data back.
  • 94% of organizations whose data was encrypted got it back. More than twice as many got it back via backups (56%) than by paying the ransom (26%). 
  • The average cost to rectify the impacts of the most recent ransomware attack (considering downtime, people time, device cost, network cost, lost opportunity, ransom paid etc.) is…

Source…